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METHOD AND SYSTEM FOR SECURELY 
INCORPORATING ELECTRONIC INFORMATION INTO 
AN ONLINE PURCHASING APPLICATION 

TECHNICAL FIELD 
5 The present invention relates; to facilitating the purchase of 

electronic information using digital commerce and, in particular, to providing a 
component-based architecture that facilitates online licensing and purchase of 
digital content and software. 

BACKGROUND OF THE INVENTION 

10 Today's computer networking environments, such as the Internet, 

offer an unprecedented medium for facilitating the purchase of software and 
digital content online. Electronic software distribution (ESD) provides an online 
alternative (using computers) for ^ u..stor;ier to purchase software and other types 
of digital content from publishers, resellers, and distributors without the physical 

15 distribution of a shrink-wrapped product. This online process is referred to as 
digital commerce. The customer purchases and downloads the software or other 
digital content directly from the network. In the context of this specification, 
software is generally a computer program, which is self executing, whereas 
digital content that is not software is data that serves as input lo another computer 

20 program. For example;, audio ccntcm is digital content (an audio script) that is 
played and heard by executing an audio player (a computer program) to process 
the audio script. This act of processing is referred to as "executing" the digital 
content. For the purposes of this specification, self-executing content and other 
digital content, as well as any oth,v type of electronic information that can be 

25 licensed or purchased, including combinations of content and a player for that 
content, will be referred to generic^lly as electronic information, electronic data, 
or electronic content. 
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One of the major problems that authors of electronic content face 
using digital commerce is a reliable mechanism for obtaining payment for their 
electronic content. One reason is that it has become increasingly easy, without 
the use of secure licensing code, to copy and widely distribute electronic content. 

5 To limit the use of illegal copies of electronic content, current systems have 
incorporated licensing code into existing application programs to be 
electronically distributed using various solutions. According to one technique, 
which will be referred to herein us "trapping," a second application program (a 
wrapper program) is distributed on the network, which includes an encrypted 

10 version of the original application program. The wrapper program, when 
installed, decrypts the encrypted original application program arid then proceeds 
to execute the original application program. To successfully decrypt the 
program, a legitimate end user must provide the proper licensing information to 
enable the decryption to operate. A security hole exists, however, in that, while 

15 the wrapping program is in the process of decrypting the original application 
executable file, temporary files are created to hold the decrypted program code. 
Once the entire original application program has been decrypted and stored in the 
temporary file, a "software pirate'' can then make multiple copies of the original 
unencrypted application program in the temporary file and car; distribute them 

20 illegally. 

Further, use of the wrapping technique to incorporate licensing 
provides only limited additional ser.urivy to a vendor who implements what is 
known as a "try and bay" licensing model. A try ana buy licensing model 
typically distributes an application program with either limited functionality or 

25 for a limited time of use to enable a potential customer to explore the application. 
Functionality may be limited, for example, by disabling a set of features. Once 
the potential customer is satisfied, the customer can pay for and license the 
application program tor more perniaueni: use. If an application program is 
distributed using the wrapping technique to potential custonisn: for the purpose 

30 of try and buy licensing, then, when the application program is decrypted and 
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stored in a temporary file, a software pirate can determine how to enable the 
disabled features or how to remove vhe license expiration data. These security 
problems can result in the distribution of illegal copies, which are hard to detect 
and monitor in a global network environment. 

5 A second technique for incorporating licensing code into an 

existing application program directly inserts the licensing code into the 
executable file. Using the direct insertion method, an application developer 
determines where in the executable file ir.e licensing code should be placed and 
inserts the new code into the executable. Afier inserting the licensing code into 

10 the existing executable file, the application developer adjusts addresses that 
reference any relocatable code or date* that follows the inserted code to account 
for the newly added code. Howeve;, ii is very difficult for an application 
developer to determine where to huert the licensing code and to then test the 
entire application to ensure it works couvzCy. An application developer would 

15 typically neeo to disassemble the executable fiie and study the disassembled code 
to determine where to insert the ^censing code. Su-b disassembling and 
studying is a veiy time-consuming process. Furthermore, the process must be 
repeated for each application program, and for each version of each application 
program in which the code is to be inserted. 

20 In addition to problems relating to obtaining payment due to illegal 

distribution, ; r he current methods ;'^r incorporating licensing code and for 
supporting digital commerce prey era scalability proble;as\ For example, it is 
difficult for these systems to hancLe large volumes and numerous types of 
electronic content because any change to the licensing o: purchasing model 

25 requires re-encryption and perhaps r?-wrappmg of die electronic content. In 
addition, it is difficult to distribute suJi content online when the content is large 
in size because the network conneuxn rr^y be prone: :o failures. A failure in a 
network connection when downloading rhc electronic ccntent would require 
starting the dovviiload operation ag;ui„ 
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To perform digital nor^msrce, today's computer networking 
environments utilize a client/server architecture and a standard protocol for 
communicating between various network sites. One such network, the World 
Wide WEB network, which comprises a subset of Internet sites, supports a 

5 standard protocol for requesting and for receiving documents known as WEB 
pages. This protocol is known as the Hypertext Transfer Protocol, or "HTTP." 
HTTP defines a high-level message passing protocol for sending and receiving 
packets of information between o\v:,iic applications. Deiaiis of HTTP can be 
found in various documents including 7. Beniers-Lee etal., Hypertext Transfer 

10 Protocol-HTTP 1.0, Request for Co nments (RFC) 1945, MIT/LCS, May, 1996, 
which is incorporated herein by reference. Each HTT? message follows a 
specific layout, which includes dr.iong other information a header, which 
contains information specific to the request or response. Further, each HTTP 
message that is a request (an I-TTTP request message) contains a universal 

15 resource identifier (a "URI"), vvl^l: specifies a target nenvorfc lesource for the 
request. A URI is either a UniiL. :n Resource Locator ("URL' 7 ) or Uniform 
Resource Name ("URN''), or any o« .r formatted st/mg that identifies a network 
resource. The URI contained ya a request message, in effect, identifies the 
destination machine for a menage. URLs, as an example of URIs, are discussed 

20 in detail in T. Beraers-Lee, et ah, Uniform Resource Locators (URL), RFC 1738, 
CERN, Xerox PARC, Univ. of Iviin.i., December, 1994. which is incorporated 
herein by reference. 

Figure 1 illustrates jo\v a browser application, using the 
client/server model of the World WVJe WEB network, enables users to navigate 

25 among network nodes by requesting and receiving WEB pages. For the purposes 
of this specification, a WEB page is any type of document that abides by the 
HTML format. That is, the documur: unhides an "<RTML>" statement. Thus, 
a WEB page can also be referred to as an HTML document oi an HTML page. 
HTML is a document mark-up language, defined by the Hypertext Markup 

30 Language ("HTML") specification. IIVML defines lags ici specifying how to 
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interpret the text and images stored in an HTML page. For example, there are 
HTML tags for defining paragraph formats and text attributes such as boldface 
and underlining. In addition, the HTML format defines tags for adding images to 
documents and for formatting and aligning text with respect to images. HTML 

5 tags appear between angle brackets, for example, <HTML>. Further details of 
HTML are discussed in T. Berners-Lee and D. Connolly, Hypertext Markup 
Language-2.0, RFC 1866, MIT/W3C, November, 1995, which is incorporated 
herein by reference. 

In Figure 1 , a WEB bn^ser application 101 \z shown executing on 

10 a client computer system 102, which communicates with a server computer 
system 103 by sending and receiving HTTP packets f messages). The WEB 
browser application 101 requests WEB pages from other locations on the 
network to browse (display) wha * is available at thsse locations. This process is 
known as "navigating" to sites cn ihe WEB network. In particular, when the 

15 WEB browser application 101 ' navigates" to a new location, it requests a new 
page from the new location (-3.g. v uncv computer sys^r.i K)3) by sending an 
HTTP-request message 104 using airy w^I-known underlying communications 
wire protocol. HTTP-request me&s^v 1C4 follows the specific layout discussed 
above, which includes a header 105 z*\L a URI field J 06 which specifies the 

20 target network location for the revest. When the stv^r computer system 
machine specified by URI 106 (^g . the server computer syirem 103) receives 
the HTTP-request message, a decern x^es the message packet and processes the 
request. When appropriate, the suv-;-r computer system constructs a return 
message packet to send to the sowi:. location that originated the message (e.g., 

25 the client computer system 102} in 7k. form of an HTTP-response message 107. 
In addition to the standard features o:\^ .ITT? message, such as the header 108, 
the HTTP-response message .07 cj.'ita:v«s the requested WEB page 109. When 
the HTTP-response message 1C7 reaches the client computer system 102, the 
WEB browser application 1C1 extras; WEB page IC9 from the message, and 

30 parses and interprets the HTML co-e !u the page (exequies the WEB page) in 
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order to display the document on a ;v'sp;ay screen of the dizrJ. computer system 
102 in accordance with the HTML 

SUMMARY OF THE INVENTION 

The present invention pro\ ides methods and systems for facilitating 

5 the purchase and delivery of electronic content using a secure digital commerce 
system. The secure digital commerce system interacts with an online purchasing 
system to purchase and distribute . .exhandise eve: a m-avork. The secure 
digital commerce system is comprise.: of a plurality of modularized components, 
which communicate with each otier to download, license, and potentially 

10 purchase a requested item of merchandi se. Each component is customizable. 

Exemplary embodiments the seem a dijitdl commerce system 
("DCS") include a DCS client and i iXS scrvex. The ZCS client includes a 
plurality of client components, vvlvl c;i are do wnloaded ly a boot program onto a 
customer computer system in itopo^c lo requesting an ite,n of merchandise to 

15 be licensed or purchased. The ;iovv. ;>aded client components include a secured 
(e.g., encrypted) content file that corresponds to the contend: of the requested item 
and licensing code that is automatically executed to ensure that the item of 
merchandise is properly licensed bufo-o a customer is peirnitLed to operate it. 
The DCS server inciades a consul supplier server, which provides the DCS 

20 client components that are specific ;o the requested item, and a licensing and 
purchasing broker, which gene^ue. uid regains a secure electronic licensing 
certificate in response to a request L license the requested item of merchandise. 
The generated electronic license certificate contains licensing parameters that 
dictate whether the merchandise is permitted to be executed. Thus, once properly 

25 licensed, the downloaded client co. apuwcnts in conjunction with the electronic 
license certificate permit a legitimate customer to exec^e (process) purchased 
content in a manner that helps prevent legitimate piracy. 

In one embodiment, ;,:ectrcnie license certificate is generated 
from tables stored in a password generation data repository. Each table contains 
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fields that are used to generate the icense parameters. Each electronic license 
certificate is generated specifically fb:* a particular item of merchandise and for a 
specific customer request. Also, the electronic license certificate is secured, such 
as by encryption, to prevent a user from accessing the corresponding item of 
5 merchandise without proper authorization. One technique for securing the 
electronic license certificate uses a symmetric cryptographic algorithm. 

The secure digital eor-imerce system also supports the ability to 
generate emergency electrode lii^me werii:;iea;;es in eases where an electronic 
license certificate would not iionvjiiily be authorized. To accomplish this 
10 objective, a separate emergency password generation table h provided by the 
password generation data repository. In addition, the secure digital commerce 
system reliably downloads the client components even when a failure is 
encountered during the download procedure. Further, a mhirnum number of 
components are downloaded. 

In addition to gcc:atu,g electronic license certificates, the 
licensing and purchasing broker mu> ili>o include access to a payment processing 
function, which is invoked to authorize a particular method of payment for a 
particular transaction. The licensing ;.:.d purchasing broker may also include 
access to a clearinghouse function uucj :o trade and audit purchases. 

Digital commerce is pei forced using ;he secure digital commerce 
system as follows. A customer invokes an online purchasing system to request 
an item of merchandise and to indicate; a purchasing option (such as "try" or 
"buy"). The DCS client then dov,vu eaas onto a customer computer system the 
client components thai are associate v/:Lk the requested item. Included in these 
components is a secured content comoctient The secured content component is 
then installed and executed (processed; in a mariner that ivatomatically invokes 
licensing code. The licensing cooe, wiieii the requeued item is not yet licensed 
properly, causes the requested ixt\n to be licensed by (he licensing and 
purchasing bicker in accordance <ah;i the indicated purchasing option before the 
content component becomes operable specifically, the licensing and purchasing 
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broker generates a secure electronic license certificate and completes an actual 
purchase when appropriate. The broker then returns the electronic license 
certificate to the licensing code, which unsecurcs (e.g., unencrypts) and 
deconstructs the electronic license certificate to determine the licensing 

5 parameters. The licensing code then executes (processes) the content component 
in accordance with the license parameters. 

In some embodiments, the secure digital commerce system 
supports the licensing aid purehf^ng :n both merchandise that is deliverable 
online and merchandise that requires physical shipment of a product or service 

10 (e.g., non-ESD merchandise). 

BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 illustrates now a browser application, using the 
client/server model of the World W-^de WEB network, cables users to navigate 
among network nodes: by requeuing receiving WZ3 pages. 
15 Figure 2 i:; an e?:am; -c d ; play screen of an online virtual store that 

operates with the secure digital commerce system. 

Figure 3 is an overview block diagram of the secure digital 
commerce system. 

Figure 4 is an overview .Cuwchart of the example steps performed 
20 by the secure digital commerce ny*: components to perform rhe licensing and 
purchase of eiecironio data. 

Figure 5 is a blool 1; ..g::i., of a gene^l pulpit computer system 
for practicing embodiments of tht liCS client. 

Figure 6 is an example flow diagram of the steps performed to 
25 generate the components of the DCS zY.&iii. 

Figure 7 is an example WEB page cf a virtual store used to 
purchase electronic data, which h c .;-cir.ii;g on a eus:on:;^r computer system. 
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Figure 8 is an exampi: fbw diagram of the steps performed by a 
boot program executed on a customer computer system to download client 
components when licensing a selected item of merchandise. 

Figure 9 is an example flow diagram of licensing code that has 
5 been incorporated into an encrypted content file. 

Figure 10 is an example display screen presented by a virtual store 
to determine whether a customer desires to license a product for trial use or for 
purchase. 

Figure I! is an example flow diagram of the steps performed by 
10 licensing code to determine whether a valid electronic licensing certificate is 
available. 

Figure 12 is a:* cxamp's flow diagram of the steps performed by a 
licensing and purchasing broker of tfcs secure digital co-imierce system. 

Figure 13 is an example display screen of the WinZip 6.2 program, 
15 which was selected for purchase i:; Fi.oure 7. when it executes after completing 
the licensing procedures. 

Figure 14 is an exam; 'e display screen for selecting a particular 

credit card. 

Figure 15 is sr. ex£:;vp" . display screen for entering a password for 
20 a selected credit card. 

Figure 16 is an ex^^Ie dupiay screen *d;r adding a new credit 

card. 

Figure :7 is an (vxamj^ display screen for allowing a customer to 
verify an intent to put chase aftet H <ag a method of pa.yme.it. 
25 Figure 18 is an exavapie display screen for indicating that a 

purchasing transaction has been au^L rL .d. 

Figure 19 is an ex.a-V.piv- block diagram that illustrates one 
technique for ensuring secure ccnv.v jr^j/dons between a DCS client component 
and a licensing and purchasing broke*. 
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Figure 20 is an example encrypted message protocol for sending 
encrypted messages between a DCS client component and a licensing and 
purchasing broker. 

Figure 21 is an exanpb flow diagram of the additional steps 
5 performed by a licensing and purclvsntg broker of the secure digital commerce 
system to support non-ESD transactions. 

DETAILED DESCRIPTION OF TITi INVENTION 

Exemplary embodiments of fee present invention provide methods 
and systems for facilitating secure nigral commerce of electronic content. The 

10 secure digital commerce system interacts with an online purchasing system, such 
as a virtual store, to facilitate tlu; pu :h . ro and distribution of merchandise over a 
network, such as the Internet or the World Wide WEB network (the WEB). For 
the purposes of this specification, a virtual store is any executable file, data, or 
document (fo.* example, a WEE y*gO. thai enables a user to electronically 

15 purchase merchandise ovei a netiva;'.:. 

Figure 2 is an exarq^o dii-play screen of an or lire virtual store that 
operates with the secure digital cc* .;-;h.tc;j system. Although the secure digital 
commerce system is described wiiA v/: ..,nce to a virtual store, one skilled in the 
art will recognize that an> type ci .eouonic purchasing system or application, 

20 including a standalone application, i* operable with embodiments of the present 
invention. A browser application w:.u;l. w 20 1 is shown currently displaying (and 
executing) a WEB page 202 re!,r,^ from the location specified by the URI 
"www.buysoftware.com." WEE v.g. 202 provides a set of user interface 
elements, for example, pushtuaou; I'M and 205 and :^on 203 which display 

25 information or which can be used to il, -^ate xo additional information. A virtual 
store typically provides a set or it.,uas, which each describe an item of 
merchandise that can hz purchaser. For example, graphical icon 203 is an 
example icon that is linked ic Uit h-.\. .ionality nueaed to purchase a Microsoft 
Corp. software game entitled "RETLivN OF ARCADE/ 5 
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Each icon is typically linked to a server site on the network, which 
is responsible for supplying the content of the item when purchased if the item is 
capable of electronic delivery. When the user selects one of the icons, the 
browser application, as a result of processing the link, sends a request for the 

5 selected item to the server site. Thus, when a customer selects the icon 203, an 
HTTP request message is sent to an appropriate server site to locate and 
download the software modules that correspond to "RETURN OF ARCADE." 

For the purposes of thu .specification, v. he merchandise that can be 
licensed and distributed online includes any type of digital or electronic, 

10 information or data that can be transmitted using any means for communicating 
and delivering such data over a rework, including data transmitted by 
electronics, sound, laser, or other .ritr.Ilar technique. Similarly, although the 
present application refers gencricaUy to '-electron::; data" or "electronic content," 
it will be understood that embodiments of the present invention can be utilized 

15 with any type of data that zan be stoi d aud transmitted over a network. 

The secure digval co iw^ce system is arranged according to a 
client/server architecture and p;cv:;.5S a modularized DCS client and a 
modularized DCS server that inte^u vvirh the online purchasing system to 
perform a purchase. The DCS clkn: in:h:des a set of clieni components; support 

20 for downloading the client components onto a customer computer system; and 
support for comxnunicating with he DCS server *;o license an item of 
merchandise. The clbiii: componen : cc i;ain a sec-red (c.£., encrypted) copy of 
the content and various coinponoi.; needed io license and purchase the 
merchandise txid to unseenre , decrypt) and execute the licensed 

25 merchandise. The DCS clier.L c-jn: i u.uoates with the DCS server to download 
the client components onto a cue ■ r's computer system in response to a 
request for merchandise from the or. \ini pur chasing system. The DCS client also 
communicatee wiih the DCS yirur to license and purchase the requested 
merchandise. The DCS serv^ j^r.. cu> an electronic license certificate, which 

30 contains license parameters (e.g., .,. ;,ns) that are •ptcific to the requested 
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merchandise and to a desired p;irch; -Tig option (sue'; trial use, permanent 
purchase, or rental). The DCS server v h~n sends the generated electronic license 
certificate to the DCS client. Once h valid electronic license certificate for the 
requested merchandise is received by the DCS client, the merchandise is made 
5 available to the customer for use h accordance with the license parameters 
contained in the electronic license eer ; f .cate. 

The DCS client include a download file, a user interface library, a 
purchasing library, a secured c: r :: u' f-i.:*, ?. D CS sec tint;; i. .formation file, and 
licensing code. There is; a download for each itenr.. of merchandise that can be 

10 distributed electronically, which contJr,:, an executable boot program. The boot 
program is responsible for determining vhat components need tc be downloaded 
for a requested item cf merch£.ndi^\ Tl^ secured content file contains the 
content that corresponds to die vcque'e- of merchandise. The content may 
be a computer program, data, o: a c o 'ibinaiion cf both. Fur the purposes of this 

15 specification, ''secure" or ^eci^u'" c.^vit; ihe use yl ,ryp":ography or other 
types of security, including the use c.~ -.ic^dware. Cue **]crc cf the remaining 
components can be shared by several [isms of merchandise. For example, the 
user interface library, which defines t: a.er interface used :o purchase and license 
merchandise, may be specific tc 1/cia of merchandise oi may be uniform for 

20 an entire online purchasing system. 1 :il> purchasing library, licensing code, and 
DCS security information file arc js;g. ;o inierucc wiJ; die DCS server to 
properly license requested m*rch£u.ai>'-. >n pardculat, \he iu-e^mg code ensures 
that the requested merchandise is no, ..pirabie by tnc customer until it has been 
properly licensed by the DCS serve:. 

25 The DCS server include u. content supplier server, a licensing and 

purchasing broker, and a payment pre messing function. The content supplier 
server provides the merchandise-spec. ik DCS client components. The licensing 
and purchasing broker generates e;.,eaomo license ceniticaLes and manages 
purchases. The pa)'rneru processing .aic^on authorizes pu> mem for a particular 
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transaction. One or more of each o; these entities may be available in a DCS 
server. 

One of the advantages of the modularized nature of exemplary 
embodiments of the present invention is that it provides a natural mechanism for 
5 replacing individual components and for customizing the system. For example, 
by replacing only the licensing code and a portion of the licensing and 
purchasing broker, an entirely new cryptographic algorithm may be used to 
secure the content. Embodiments oi .he invention afjo support the secure 
execution of requested merchandise and minimize the number of components 

10 needed to secuiely download, licsri.se, and execute the requested merchandise. 

For the purposes cf mis specification, any client/server 
communication architecture and communication protocol that supports 
communication between the DCS client and the DCS server could be used. 
However, in an exemplary embodiment, the secure digital commerce system 

15 utilizes the HTTP request cornviiuiii :aiiiu model provided by &e World Wide 
WEB network. A derailed description of this architecture and of WEB page 
communication is provided in I. O'Donnell etal., Special Edition Using 
Microsoft Internet Explorer 3, QUE Corp., 1996, which is incorporated herein by 
reference. 

20 Figure 3 is an overview block diagram of :he secure digital 

commerce system. Figure 3 include; a DCS client 301 md a DCS server 302, 
which are used with an online pmci..a£iikg application, such as a WEB browser 
application 303, to provide a purchasing interface for a potential customer. The 
DCS client 301 includes a virtual stoic 304 and a data repository 305. The 

25 virtual store 304 provides a cusiOiaer iVont end 312 ax.d stores in the data 
repository 305 merchandise-specific download files 3 1 3. The customer front end 
312 includes WEB pages and associated processing support, which are 
downloaded onto a customer compute* system 311 to er..a!:k a user to purchase 
merchandise. The download fik'c ; 13, which each conain *.n executable boot 

30 program and a component lis/c, ate u^d to download the tr;er:handise-specific 
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client components (for example, a secured content file and licensing code). 
When an item of merchandise is requested, the associated download file is 
processed to extract the executable boot program and the component list. The 
executable boot program downloads the needed components from the content 
5 supplier server 306 using the component list, which specifies the components that 
are needed to successfully license and operate the corresponding item of 
merchandise. In an alternate embodiment, download files are generated 
dynamically from component lists, which lists are scored in the data repository 
305. 

10 The DCS server 302 includes a contend supplier server 306, a 

licensing and purchasing broker (server) 307, a password generation data 
repository 303, and a payment preceding function 309. The licensing and 
purchasing broker 307 includes a sepr^te licensing library 310 (passgen.dll), 
which contains the code for generrfr^ an appropriate license in response to a 

15 request from the virtual store. The iccnsing library : 10 uses the password 
generation data repository 308 io generate an electronic license certificate 
("ELC") with licensing parameter? A ht' correspond to a particular item of 
merchandise. An electronic license certificate is encrypted electronic data that 
provides information thai can b? -dh;^d to determine whether a particular 

20 customer is authorized to execute :hr merchandise. Such information may 
include, for example, the speeifk iiw r of a pericd of time that a particular 
customer is allowed to execute the m.;n,haid:se for trial usr. The data repository 
308 contains tables and fields that are used to create, the license parameters of a 
license. The data repository 3C8 may certain information that is supplied by the 

25 source companies of the available -merchandise. The payment processing 
functions 309 are used by the licens: a^d purchasing broker 307 to charge the 
customer and to properly credit the appropriate supplier v/hen the customer 
requests an actual purchase (rLther th. 3 ;? ;xial use or another form of licensing). In 
addition, clearinghouse AiiiCcLns ^r.;/ be invokec by \lc licensing and 

30 purchasing broker 307 re audit anil hack an online purchase. Clearinghouse 



WO 98/58306 



15 



PCT/US98/12686 



functions may be as provided by wod-known commercial sources, such as 
Litlenet and Cybersource. Similarly, payment processing functions may be 
provided using well-known commercial credit card authorization services. 

Figure 4 is an overview flowchart of the example steps performed 

5 by the secure digital commerce system components to perform the licensing and 
purchase of electronic data. This figure briefly describes the interactions 
between the components shown in Figure 3 to accomplish the downloading, 
licensing, and purchasing of a reque^-d item of merchandise when it can be 
delivered online. In step 401, Che potential custovricr downloads a WEB page 

10 (part of the customer front end 312) from the virtual store 304 that includes the 
item to be requested (see, for example, Figure 2). In step -402, the customer 
requests an item of merchandise, for example, by selecting an icon that is linked 
to a download file that corresponds ;c the desired item. In response to the 
selection, in step 403, the virtual s : ;ore 304- downleads ord installs the download 

15 file, which extracts ;he executable bco\ program and component list and causes 
execution (preferably as a backgiound usk) of the executable boot program on 
the customer computer system 311. In step 404, che boot program reads the 
component list to determine what DCS client components to download and 
requests the determined components rl*om the appropriate contents supplier 

20 server 306. The component list, as further described bilow with reference to 
Table 2, indicates source and taigct locations for each component to be 
downloaded. In step 4C6, the beoi program installs a downloaded (secured) 
content file that is associated wilh Ih v ucuired item of rnttciiLiiJue and causes the 
content file to be processed v'exesuteo}. Whea the corneal file is a computer 

25 program, then the downloaded ionl^.i file has htm previously configured to 
automatically cause hocusing cade co :.e executed bef;r: the content file is 
executed. When instead the ocmun: Che is data to \,i input to a computer 
program, then the content player pievioasly configured to automatically cause 
the licensing code to be executed lust before the content file data is processed. 

30 More specifically, the dowiiicace;' : on tent playe.r is installed by the boot 
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program to process the secured (e.g.. encrypted) content file data. The boot 
program then starts the execution of the content player, which invokes and causes 
execution of the downloaded licensing code. Thus, in step 406, the licensing 
code, which is incorporated into either the content file or the content player, is 

5 executed. In step 407, if the licensing code determines that a valid ELC already 
exists, then the content file continues to he processed in step 412, else the 
licensing code continues in step 408, In step 408, the licensing code requests a 
valid ELC from the licensing and purchasing broker 307. In step 409, the 
licensing and purchasing broker 307 determines whether .i purchase is requested 

10 and, if so, continues in step 410, else continues in step 411. In step 410, the 
licensing and purchasing broker X7 obtains a method for payment and 
authorizes the payment method using th^ payment proofing function 309. In 
step 411, the licensing :nd purchasing oroker 307 generates an appropriate ELC 
using the licensing library 310 ar.d the password generation cava repository 308 

15 and returns the generated ELC t:» -h:: 'leasing cede. In .iiep 412, if portions of 
the content file arc encrypted as vail b. 1 ; fuither described, then the content file is 
decrypted and processed. 

As indicated above, w;.en the downloaded >ioured) content file is 
a compute: program, licensing cc ; e *.i automatically Evoked to verify the 

20 existence of, or obtain, a vshd de-v.-jnie license certificate for a requested item 
and to deciypt and execute die eon.:nt fie. One mechanism for incorporating 
licensing code into a cenknt file =uu. that \:: Is auioiviaLcally invoked is 
discussed in defcii with reference -:o i ^:zd U.S. Patera Application Serial No. 
08/792,719, entitled "Meihcd and Sys : .em for Injecting New Code Into Existing 

25 Application Code/' filed on. Jaajar> 19, .997. That patent application describes 
a technique for inserting Lieensij^ cccc in:o an ^iisa;^ application and for 
inserted security code thai uccuveiy .xeuuies the appiicc.:bn coue. The security 
code uses an incremental decryption pi; cess to ensure u./. a complete version of 
the unmodified application cod; s\t\zr 'risible at ,i s y orx time (to avoid 

30 illegitimate copying) . Thus, the 3<xari:y code .luohav.isni described therein 
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makes it impossible for someone, to create an unmodified version of the 
application in a reasonable amount of lime. The insertion technique described 
therein can be used to insert into a content file the licensing code component of 
the DCS client, which communicates with the licensing and purchasing broker to 

5 generate an ELC. Further, the cna-3 ;»tio-i/decryption technique described therein 
may be used in the current context ic incorporate security code that securely 
decrypts and executes the downloaded content file. 

In addition, when content file is dhl?. in be used as input to a 
computer program (such as a content player), then 'die licensing code can be 

10 incorporated into the computer program by invoking licensing code and security 
code routines. For example, an ^plication programming interface ("API") to the 
licensing code and to the increment:-; - . decryption security cede can be provided. 
The content player is programmed (0; configured via Lhe insertion technique 
described in the related patent applualon) to include calls to the API routines to 

15 validate or obtain an ELC and to un3c-;u:*j fe.g., decrypt, the associated content 
file. One skilled in the art will recognise mat any mechanism that automatically 
causes the execution of licensing cAi und security cede) belbre the secured 
content is processed is operable >*ith embodiments of dit present invention. 

In exemplary ernbocir ei.;c. fee DCS c'A&J, I; implemented on a 

20 computer system comprising a central processing unit, a display, a memory, and 
other input/output devices. E*^v.pia:y embodiments of the DCS client are 
designed to operate in a globally n^v/osked en\ifon.aeui, sucn as a computer 
system that is connected ;o the iniszi-.ei. rigure 5 is a liicch diagram of a general 
purpose computer system for pactLk.g embodiments of the DCS client. The 

25 computer system 501 contains £ . :xni/J processing unit \C^O 502, a display 
503, a computer memory (m-in.c;yi :;C5, or other ecu : pater-readable memory 
medium, and other input/output de»x;s 504. Bewinoa-cd components of the 
DCS client preferably reside in the memory 505 and execute on the CPU 502. 
The components of the DCS -hem -.re shown after tho> ha\e been downloaded 

30 and installed on the computer system 50 1 by an executable boot program and 
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after an appropriate electronic Ikrns? certificate has been generated and 
installed. Specifically, the components of the DCS client include the executable 
boot program 507 (SAFEbcot); a user interface library 508 (SAFEULdll); a 
purchasing request library 509 (SAFE3uy.dll); an encrypted content file 510, 
5 which is shown with incorporated licensing code 511 (SAFE.dll); an encrypted 
DCS security information file 512, r/hich is associated with the encrypted 
content file 510; and an electronic licensing certificate 514 (ELC). As shown, 
each library is typically iiT.plunientci ^ a dynamic l\hruy (a "DLL"). In 
addition to these components, whtL hi cn:rypted. co.i:e;;;t file contains data that 
10 is not a computer program, the met, ..:ry 505 contains a content player 513 for 
processing the content file 510, w!iic\ has incorporated licensing code 511. 
Also, WEB browser application cods- 506 is shown residing in the memory 505. 
Other programs 515 also reside in the uicmory 505. One skilled in the art will 
recognize that exemplary DCS ulier.* components can also implemented in a 
distributed environment uherc ;hc; >,^:i-jjS programs tihc v/n currently residing 
in the memory 505 are instead d.siriL^ei aynong several computer systems. For 
example, the encrypted consent ±1L 5^0 may ieside on a different computer 
system than the boot program 507. 

In exemplary embodh.vsrri*. the DCS ssrvei is implemented on one 
or more computer systems;, each conipniir-g a central process: :ig unit, a memory 
and other input/output devices. ITieh A these computer systems may be a 
general purpose computer system, cmiiiui- to diu described in Figure 5, which is 
connected to a network. The seiv^r Litems that comprise dx server portion may 
or may not include displays. The password generation daia repository may be 
implemented using any well-known technique for implementing a database or 
any other type of data repository. Although shown as a separate facility, one 
skilled in the ait will recognize thai" die j-^a repository may be incorporated as a 
component of the computer system iua ii, used to implement the licensing and 
purchasing broke:. Further, or.c ^ih^d :n die art >/in ai:i,o recognize that a 
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variety of architectures are possibV: and can be used to implement exemplary 
embodiments of the DCS server. 

Figure 6 is an example flow diagram of the steps performed to 
generate the components of the DCS client. In an exemplary embodiment, these 
5 steps are performed by a utility program referred to as the SAFEmaker utility. 
The SAFEmaker utility is responsible for generating the downloadable 
components that correspond to an item fo be supplied as online merchandise. In 
addition, the utility generates * ? ( »c rri content f;;e 'hi • c'd-.\ crJy be processed 
when access is granted. This capability is referred to as making the file "SAFE" 

10 (hence, the SAFE-prefix h the re -npo/ient names). Making a content file 
"SAFE" implies that security cods tvd licensing cede, s.vo incorporated into the 
content file (or content player, in :he cf digital content that is not a computer 
program) tc ensure that the online. r:i;rchandise is unable o:i1y when proper 
licensing has been performed. Typkallv, this process involve encrypting some 

15 portion of the content lite. Soi;;e -:;.}v<ponenis gen = r:tt£c 1 ;:;> :he SAFEmaker 
utility are stored on the contcvr; >upe'\V>; server (e.g., eonrtnr supplier server 306 
in Figure3) and are downlead^ <c j.inie :c request; hcni the virtual store 
front end. Other component:; u c =^::cd on the virr; v stca; which may be 
located on a different computer s>- from the coruent supplier sender. The 

20 SAFEmaker utility also updates the pcr.vcvd generatif :.- iata repository of the 
DCS server wldi merchecidisc-sp^cif.;. i". formation. 

Specifically, m jcc^. \vl.. t the aliiivy rrxorpo^ei licensing and 
security code into the supplie* sprain: eiectroriic oor::sr.: u coraom player. As 
described above, an exeiripla;^ ~ml: :d;;:i- e jnt incorporates licensing and security 

25 code according to the techniques d.e^;;,.:)od in the relied U.&. Patent Application 
Serial No. 08/792,719, ea&Ud jJ and System for Tijecrliig New Code into 
Existing Application Code.,"' filed or J.imary 29, 19? 7 o.. by railing routines of 
an API as appropriate fc.j., when a c^.ja, playei is needed). One skilled in the 
art, however, will recognize thaw --.ay x ^jaiquc for oniur.aj, alh proper licensing 

30 code gets excelled when Ihc ^rv.ri is processed L..d foi iAvcrypting (and 



WO 98/58306 



PCT/US98/12686 



20 

subsequently decrypting) the content x:it will operate with embodiments of the 
present invention. In step 602, the u Jl: ly produces one or more files that contain 
the (partially or fully) encrypted content. In step 603 , the utility produces an 
encrypted DCS security information L'le(s), which contain information that is 

5 used, for example, to decrypt the content and to produce a proper license. The 
contents of an encrypted DCS security information file are described in further 
detail below with reference to Table 1. in step 604, the utility creates a 
component list file (an ".ssc" file) anc a download file for this particular online 
merchandise. Specifically, in an embedment that siaiiedly generates download 

10 files, a sell-extracting installation tile is generated (the download file), which 
contains the component list file (an ''..ssc" file) specific tc the merchandise and 
the executable boot program. As uescribed above, the download file, which 
contains the executable boot program and the component list, is typically stored 
on the virtual score computer system. The executable boot program uses the 

15 component list file to determine 'Jit components to -ovmlcad and to download 
them when particular electronic ecme:j*.: a re^uesiid. An exampie component list 
file is described further below with reference to Table 2. In Jiep 605, the utility 
stores the download file on the virtual .-tore computer system (.?.g., virtual store 
304 in Figure 3). When instead the uwV/n!oad files are dynamically generated by 

20 the virtual store when needed for a par;*]cular WEB page, then in steps 604 and 
605, the utility creates arid stores omy the component list file. In step 606, the 
utility stores the other components of ihe DCS client, for example, the encrypted 
content and DCS security infor;r.a:.a, files, the licciis'rig ;ode, and the user 
interface library on the content auppi.^r server system {e.g., content supplier 

25 server 306 in Figure 3). In s;cp c07, ue utility updates the password generation 
data repository (e.g., password gen^a^on database 308 in Figure 3) with the 
merchandise- specific licensing in&rma'doii, for -xunvple, the fields used to 
generate the license parameters of a valid electronic license certificate, and then 
returns. An example; password gener^on data reposiioty is discussed in further 

30 detail with reference to Tables 3, 'I, and 5. One skiiLc in ths art will recognize 
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that the generation of these components and the password generation data may be 
performed at different times and by separate utilities. 



Field Name; 


Type: 


Commerc e S erver 


String 
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ouing 
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Con tactOrderEmai 1 




ProductName 


String 


L ic enseFiiename 


String 


Lie ease AdininDir 


Suing 


Dev^l operrld 




Sec."etKey 


Binary Object 


Active Assistants 


integer 


FeatureNa'rr^ 




FeatuieNu ruber 


'Integer 


HostldTypeList 




integra do riType 


integer 



I; Mel 

Tabb 1 \r. an example ! : 5t of fields that may be included in an 
encrypted DCS security information fiis. For each encrypted content file (or set 

5 of files), the supplier provides fields that are used by a virtual store to download, 
license, and purchase the associated electronic content. The data in the encrypted 
DCS security information file is encrypted separately from the content file to 
enable multiple items of merchandise to share purchasing, licensing, and 
decryption information. This cupab.:i / is especially useful when the items are 

10 provided by the name sonte it siopUr servr_. Thus, a -ingle encrypted DCS 
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security information file may be associated wixh more than one encrypted content 
file. In addition, each field in the DCS security information file is encrypted 
separately. By separately encrypting each field, purchasing or licensing 
information can be changed without having to re-encrypt the content file or the 

5 rest of the DCS security information file. 

Specifically, in Table I the CommerceServer field indicates the 
location of the licensing and purchasing broker (e.g., the network address of 
licensing and purchasing broker 2i7 in Figure 3} to be used to license and 
purchase the merchandise. (In embodiments of the secure digital commerce 

10 system, one or more consent suppliers, licensing and purchasing brokers, or 
payment processing functions, maj' be: utilized.) The PrcductSKUId field is a 
specific identifier associated with a vision (each executable) of a product for a 
specific reseller (virtual store). For the purposes of example, exemplary 
embodiments assume that a produc: mzy have multiple versions and that each 

15 version may be packaged differently Spending upon the purchasing option (for 
example, trial use versus full purchase). In addition, more :han one reseller may 
offer a version of a product The 7;:>ductSKUId field is used to identify a 
password configuration \able to be as>d to generate a 1 .: electronic license 
certificate and is discussed further below. The ProductUUID field is a specific 

20 identifier associated with each version of a product regardless of vhe reseller. By 
using an identifier that is specific to t'/.e product version a:n:l not to the reseller, 
the digital commerce system can tnsa.w ihat u customer oho licenses a version of 
a product for (one time) trial use ma> L Ji utilize multiple resellers to obtain more 
than one ELC for the same version. \u addition, dais identifier is used by the 

25 licensing code to locaie the associated DCS security information file and is 
associated v/ith various iiceasing-spec.iic information. For example, clock data 
can be stored in a system registry indexed by ?;oduuUUiD to ensure that "time- 
bomb" protected content is x:oi defeated by resetting the clock io illegitimately 
process the content. The UiLib^uoii inaicates che location of a user interface 

30 library to be used for purchasing the o:erch&v;aise. Tae EnvfyPoint, ImageBase, 
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EKey, ECode, DataSize, NutnbevRc ^.cations, and Relocations fields are used to 
support the decryption of the encrypted content file(s) and to determine the 
relocation information when the center* file is secured using the technology of 
related U.S. Patent Application Sena! No. 08/792,719. If an alternative licensing 

5 and encryption scheme is used, then thsse fields would be modified accordingly. 
The ContactCompany , Cor: .actAddress, ContactSupportPhone, 
ContactSupportFax, ConractSi; pportEmail, ContactOrderPhone, 

ContactOrderFax, ar.d CoiuaciC:"dv.iIl:::ail fields refect supplier dependent 
information that can be displayed in dialogs presinle j jy the virtual store 

10 depending on the use/ interface behg employed. The DeveloperlD and 
SecretKey fields are used to create a symmetric key to decode the electronic 
license certificate generated by the lhcusing and purchasing broker. The other 
fields are used for other similar licensing and purchasing functions. 



<Execute 

TRIGGER = '^Prograi'rii-^esDir^winzipWinzipSi.exe" 

URI ---- ?, http. ;/ ct .".^r/er^roducis/v/rr ;v ?3 2 'winn ipsetup.exe" 

MSGDIG = ,, NDLsrKcS36YbugITP4yUjv8PSfk=" 

ProduciUUlD = 1 V/JNZIP-diino-OOOO'' 

NAME - "WinZip 6.?" 

DESCRIPTION - "WinZip 6,2 * 

LOCAL - "<P~oera.;n] 7 i]esDi<>\winzir> , \5f.tnx-:x: n > 
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I'&jle 2 



Table 2 is an exatrpK- of the coniems ;>f a single entry in a 
componeni list file. In an exemplary evnoodiment, each icon in me virtual store 

20 that corresponds to an item that can be purchased and distributed online is 
associated with & component list file (m .ssc file). Within each component list 
file there is an entry similar to that shown in Table 2 for each component that is 
to be downloaded when the associated ;.em is requested. For example, if there is 
an item-specific encrypted DCS securvty information file and an item-specific 

25 user interface library that arc vj be: </V nioaded ;:o purchase tiv: requested item, 
then there are entries for each such oono jnent 
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Each entry contains *$. lag that specifies how to process the 
component when it is downloaded and sufficient information to download a 
component if the file indicated by the TRIGGER field is not already present on 
the customer computer system. Specifically, the tag (in this example "Execute") 

5 specifies what to do with the component referred to by the LOCAL field once it 
is downloaded. An "Execute" tag specifies that the component referred to by the 
LOCAL field (e.g., "setup.exe") will always be executed. A "Component" tag 
specifies that the component refen^a to by the LOCAL field is to be downloaded 
with no further processing. An fc TAeur:eG;f:c£" i£g specifies that the component 

10 referred to by ;he LOCAL fieia is to be executed only if the file referred to by the 
TRIGGER field does not already exist. The TRIGGER field of each entry 
indicates the location of a file that is pr^ssnt when the component does not need 
to be downloaded. Thus, the TRIGG "R field is used to detsmiine whether to 
download a component. The UVA " ; t\d indicates the location of a content 

15 supplier server that can provide ihw .r^or.ent. In addition, :hs MSGDIG field 
contains a message dige*;*;, which i: ,.:cd to de*;^ ::mluz whether the component 
has been successfully loaded. Use of the message digest is described in further 
detail below with respect to Figure 8. The ProductUULO, NAME, and 
DESCRIPTION fields indicate kle;i:J/hg inforaaticn used by the licensing 

20 code. When present, these fields ait ypically stored in a system registry and 
used by the licensing code to de£e:.vdL. which DCS security information file to 
use for a particular content file. Li ^JHion, Che kaaIL ficM may be displayed 
by the boot program executable to gL. user feedback regarding die component 
currently being downloaded. The LOCAL field indicai.es a target location for the 

25 downloaded component on the euctoine ■:• computer system. 

Figures 7-13 describe in archer derail die stcp3 performed by the 
secure digital commerce system to per ;tm die licensing and purchasing process 
presented in Figure 4. One skills d ; l ur: vvill recogri^c that thsse steps can be 
performed in c±^r ovdsri Lud l:> ^'lire^t compohuuti dian those presented 

30 herein. A& a preliminary ma.^r, ti t: easterner Lr^t :;av'gatcs ro a virtual store 
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WEB page in order to request an item for purchase Figure 7 is an example WEB 
page of a virtual store used to ourchr-.se electronic data, which is executing on a 
customer computer system. (Display of this WEB page corresponds to step 401 
in Figure 4.) WEB page 701 contains an icon 702, which, when selected, causes 

5 the "WinZip 6.2" product to be licensed md optionally purchased. Text area 703 
contains descriptive text to aid a customer in making a decision to license or buy 
the WinZip 6.2 product. Pushbuttons 704 enable the user to explore other 
merchandise available for licence .itui pi ^ohasiiig. 

When the customer recasts an item of merchandise to be licensed 

10 or purchased (for example, when the mer selects icon 702 in Figure 7), then the 
virtual store downloads: and potentially initiates vhe execution of a boot program 
associated with the requested merchandise (see step 403 in Figure 4). 
Specifically, each merchandise icon i linked (anchored) to a merchandise- 
specific download file, which is .= fn; stored on (or generated by) die virtual 

15 store. Ir> one stnbo&v joiiL, :lie v "oid "le is ' sslf- extracting file that 
contains: extraction code, a Iviucer hcicates lie sire 5 the boot program 
which follows, the bcci progr£/:;i (pr:!erabiy cornpas^j, and die appropriate 
component list file. The dovv:ikac r :l : :an be geneat^d statically using the 
SAFEmaker utility described above >. can be gcneraKi dynamically by the 

20 virtuai store when it downloads v. Yvl J £ page that include:: the icon that is 
anchored to the download flU. Whe; :he customer sheets merchandise icon, 
the custoraei Is qaeriec hv.sJjCl io • . .;.;;.d and store or 1 dov r.lcad and execute 
the anchor file (indicated by link;. "•■ nen d;e user ^ ;j ika£ vhe download 
file is to be executed, ths cxt):aclio^ of the do\v:v.oad file li executed, which 

25 causes the component list (the \j -c" ii'Sj to be extracted mi boot program 
executable to be (potentially cece-rap/^iui.) extracted _„.J executed. One skilled 
in the ait will recognize that any rvieeL.-tiiini for asocial*. :g a i icon with a boot 
program and foi causing tlae booi j^.ram to be do^^aae;! and executed is 
operable with the secuie digital oo.i. -.v, - sysi^. 
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Figure 8 is arc example f! nv diagram of the steps performed by a 
boot program executed on a custom .' computer system to download client 
components when licensing a selected item of merchandise. (These steps 
correspond to steps 404-405 in Figure 4 ) The boot program is implemented such 

5 that it downloads only the compo^r its that are necessary to license (and 
optionally purchase) the selected iter.;. For example, if the user interface library 
to be used to purchase the selected i*em is the sarns library as one already 
downloaded, thra it is not devvniok;'^ ^gaii;. In additio n ;he boot program can 
recover from a failure during the La;.', process and cau resume downloading 

10 where it left off. The boot program . -jcc/mplishes th^ss objectives by using a 
message digest algorithm 1c determine whether a coiupxem has been 
successfully downloaded onto a jusvri-v compute sysj'ier i. 

Specifically, in step SC.. Me boot program * r.dds fhs component list 
(the '\ssc" file) associated with iLe ?e :cted item ::f r^'chandise to determine 

15 what component io download from - : j;c;Red conte:ti i-.-pplief sender. In steps 
802-308, the boo: program executes „ l,:op i:o process ea; 1 ;, renaming component 
in the component list that ha* uci ahead/ been successfully downloaded. 
Specifically, in step 802, the boo. pi::_aiu select Ihe next eompo^ent from the 
component list that appears foil ji\iv.g /ac last success^y .erd component. In 

20 step 803, the boot program deiemin^ /hether all of die ieLiumng components 
of the list have been processes, and ;f remrns, else .xviunuei in step 804. In 
step 804, ihe boot piograin dc xs whedici the fik Indicated by the 
TRIGGER field is already present. If ;ici, the bee; piogram obtains the 
component indicated by the URI \dje from ihe ccr^n: supplier server and 

25 stores the obtained component as hid^^ed by the LOCAL value (see Table 2). 
In step 305, the aoot program ca.CuLi.^ a message diges: .the value of a one-way 
hash function) for the" downloaded i.onvpOiient. in step cCS, the determined 
message digest fox the newly dov; leaded component :s compared with a 
previously stored message digesi \*\ .... component iuv (&c2 the MSGDIG value 

30 in Table 2). In an exemplary cmbodnriCiU, an MD5 algorithm is used to calculate 
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a message digest. However, one skiMed in the art will recognize that any 
message digest algorithm or any function capable of determining a predictable 
value for the downloaded component for comparison to an already stored value 
may be used. The MD4 and MD5 algorithms are described in Bruce Schneier, 
5 Applied Cryptography, John Wiley & Sons, Inc., 1994, which is hereby 
incorporated by reference. In step 807. if the calculated message digest is 
identical to the stored message digest, then the boot program continues in step 
808, else continues back to the bsgi'ving of the loop \>\ s-ep 802, because a 
failure has occurred in downloading the component. In step 808, the boot 

10 program sets an indicator of thi si .^essfully read cor.poiient to indicate the 
component most recently ioade?. 509, the Noot program processes the 

component according to the kg (eg ''Lxecirre"), and cev.Ur. \:es back to step 802 
to select the next component to do A-Joid. Note that the tug associated with each 
component entry will automatically f.ne the secured oontert file (or the content 

15 player, depending on the situation, tv [ t,Li: executing. 

One skilled in the aL ' dT recognize thit differ:* it behaviors will 
occur when xhz. content file (or ^oziV-^ y layer) begirt c;u:: z.;f^ depending upon 
the technique used to incorporate 1 : : .'"censhig codi ai,: o^ryption (security) 
code and depending upon !hc cfi.r^ptio^Iecrypi'on .^ha^u:; used. For 

20 example, as described ki further a\ related \JZ. ?::;:r.: Application Serial 

No. 08/792,719, when using thi ii, uLon technique lo.>cri'3ed therein, the 
execution of u;e encrypted content \ : . will auio;n£.:i.ea/iy cause the licensing 
code and (eventually) the ^curix, c ±l vj be execute.,;, a ic^iit of injecting a 
licensing DLL into the eomsnt fit.:. GpecifeLy, a ''DLLMain" routine is 

25 automatically invoked wh^i lie ,;: code libr^o '.i IcLde^, v/nich in turn 
executes the actual licensing c^it, A./ ^ licensing wi. ; scutes, the security 
code stored in the encrypted cuilerr au 4 ;mancaliy exicu;;^ because it is inserted 
into the content file imrnedkicL lb ! r .uig (a refer £ j/.ct -e)"the licensing code. 
Thus, the licensing code and the >L<;;j r p:ion cede cie automatically executed 

30 before any supplier-specific outem ..i executed, 'i'he secj.riry code in an 
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exemplary embodiment decrypt;:; the t ^rypted eoriterr ; in:rensentally in order to 
prevent a fully decrypted version of th content to be p/ssmt in its entirety at any 
one time. A similar procedure is used when the content phryer invokes the 
licensing and security code with an e^ceMion that the licensing and security code 
is explicitly invoked and knows how -o locate the content file and to decrypt it 
incrementally. 

Figure 9 is an example f ew diagram of licensing code that has 
been incorporated into an eneiypL 1 .:* c/:^! file. Simitar ; ode ii ineoiporated in 
a content player by calling appiopr-.ute routines. Tlr^ :ieeri3*«ug code will be 
discussed for purposes of example relet* ve to an encrypted extent file. In one 
exemplary embodiment, the licensing; <: de is provided hi a dynamic link library, 
such as SAFE.dll 511 in Figure 5. (T ; \e steps of Figure 9 correspond to steps 
406-408 and 412 in Figure 4.) Each time tha encrypted content file is executed 
by the customer computer system, the licensing cede if; pr^Vrably automatically 
executed. The licensing coco is n .pu:.}j;o~e for dc:.m; irking whether a valid 
electronic license certificate rs aMhJj.e and, if so, blowing execution of the 
content, otherwise forcing the customs to license die Item from the supplier. 

Specifically, in Step 901, he licensing cede determines whether a 
valid electronic license certificate (^ELC") ;s available. The ^eps used to make 
this determination are discussed funhei below with reference ij Figure 11. If a 
valid ELC is available, then iee lice-siiig code continues ir, s^p 909 and skips 
the licensing and purchasing process, continues m step £C2. In step 902, the 
licensing code loads the user mlcaac; horary associated with ihc component and 
obtains a purchase option from ihe customer, such as "rent- ao -buy," "buy," or 
"try. 55 The purchase options assist in determining ihe parameters of a valid 
license. An example interface for ooU-;iing this information is described below 
with reference :o Figure 10. The licensing code obtains the usei interface library 
name by retrieving the [JILibKame fieid n*om the DCS security information file 
associated with the produce. The assoc. aicu DCS secmiiy inio.mauon file can be 
determined from the ProductLJiD, which was previously stored in the system 
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registry by the boot program during the component download process. In step 
903, the licensing code determines whether the customer has indicated that a trial 
purchasing option is requested and, if so. continues in step 904, else continues in 
step 905. In step 904, the licensing code sends an HTTP request message to the 
5 licensing and purchasing broker (e.g., th? licensing and purchasing broker 307 in 
Figure 3) to provide an appropriate license for trial use of the product, and 
continues in step 908. In step 905, the licensing code determines whether the 
customer has indicated a purchasing option io purchase the ccntent and, if so, 
continues in si^p 906, eke continues : t. .step 907. In step 906, Che licensing code 

10 sends an HTTP request message lr> the licensing and purchasing broker to 
purchase the content, and continues in ylep 908. In step 907, lbs licensing code 
determines whether any other cype of Focusing or purchasing request has been 
indicated by the customer and sends an appropriate HTTP request message to the 
licensing ar.d purchasing broker. For example, other ree<uer;s associated with 

15 rental use or oilier types of pu:C:^n^ options may be suppxted. The processing 
of these HTTP requesi messages hy ihe licensing and purchasing broker is 
discussed further belov/ with respect :z ? ; gure 12. In sup 9G&, the licensing code 
receives a valid ELC from the heen^Lig ar.d purchasing broken stores it, and 
continues in step 909. The ELC may b • stored in any area that is accessible to 

20 processes executing on the customer rjniputer system, sreh a3 in a system 
registry. In step 909, the licensing code :aures the decry pii or. and execution of 
the licensed consent, a^d re^ni, 

hi an exe^pkv;, ei^ojimenl, the uce-is^g code uses an 
intermediary library function (stereo. m 5 for example, .he 2AFE3uy.dll 509 in 

25 FigureS) to send the putcr.dsing ^c^st of step £06 u; ike licensing and 
purchasing broker. A separate Jibraiy \t useful in sceneries where other types of 
programs (other than virtual st^ie:.;) d :si. •„ ■ o utilize the purchasing capabilities of 
the licensing and purchasing broker. The iibraiy vanov x. provides a unique 
transaction identifier thai eai. be us :U co identity /he particular purchase 

30 transaction ai a further time. Such capability h use La!, for example, to later 
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cancel the purchase. One skill J n t: e * ri will recognize that ;..uier organizations 
of the licensing and purchasing support : :*dc are also poseibb. 

Figure 10 is an example display screen presented by a virtual store 
to determine whether a customer desires to license a product foe trial use or for 

5 purchase. This display screen may be used to implement step 902 in Figure 9. 
When the customer selects the "Try" pushbutton 1002 in Figure 10, then the 
customer has indicated that trial use of the product is desired. Alternatively, 
when the customer selects tli:; t£ Bu;^ pushbutton 1 003 rn Figure 10, then the 
customer has indicaredxhe desire 1c pjiVjuse the product. 

10 Figure i 1 is an example flow diagram of the steps, performed by 

licensing code to determine y/he.ncr d valid electrode licensing certificate is 
available. In step 1101, the code retrieves, decrypts, and decodes ihe electronic 
licensing certificate (ELC) to obtain parameters of thu -icense (e.g., the 
license terms). The license parameters Cat are obtained in step i 101 indicate, for 

15 example, how many use^ jf a pauiciiai dcenss can be excelled or, tor example, 
hov/ many different user pas^v;o A ds ire able :o use ii\te smni electronic license. 
In addition, license parameters ihut Kike, an authorized Line period for use may 
be specified. In srep 1102, ike cede :esrs various atirbuiea cf the customer 
computer system to detennine vviietke;; ths conditions indicated by the retrieved 

20 license parameters have beer. met. in ^iep 1103, if all or the conditions have 
been met (for example, the license us. period has net expired), then the code 
returns indicating thai a valid lie^n^ i, m effect. Gtnevwii,^ the code returns 
indicating that the current license is iK/turd. 

in an exemplary embea:m^u, the ELC u: encrypted and decrypted 

25 using a symmetric key algorithm. A symmetric algorithm implies mat the same 
key is used to encrypt a piaiitftxi musses and tc decrypt a ciphertext message. 
Any symmetric key algorithm could be used. Symmetric and public key 
cryptography, both of which a;e uU'li^d by exemplary embodiments of the 
present invention, are described ir detail in Sxuce Schneier, Applied 

30 Cryptography, John Whey & Sons, mc, i&94, widen is nerein incorporated by 
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reference. According to one technique , the DevelopsrlD an-: 1 SecretKey fields 
(stored in ths encrypted information Vs. \ &re used to formulate a symmetric key, 
which is client and product specific. TLese fields are provided by the supplier 
when the SAFEmaker utility is executed to produce the components of the DCS 
5 client (see Figure 6). Because- the encryption of the ELC is provided by the 
licensing and purchasing broker and Ihe corresponding decryption of the ELC is 
provided by the licensing code, the encr /ption and decryption code are preferably 
synchronized to correspond to jui z; a .her. For this ie^son, a separate dynamic 
link library [e.g., passgerhdr.) h used t / the licensing and purchasing broker to 

10 allow the encryption algorithm io oe .eplaced at any ia.t to correspond to 
different licensing code. 

Figure 12 is an exampb fov diagram of the steps performed by a 
licensing and purchasing broker of tue s scare- digital commerce system. These 
steps are executed in response to leci-vi^g an HTTP icjuesc message sent by die 

15 licensing code in step 904 or 906 .,r. ngino 9. As described earlier, vhe licensing 
and purchasing broker ^;/:era::L v L' u password generation system (e.g., 
passgen.dll and vhe data reporiior y) ana payment processing f jnctions to license 
and pu/ chase an indicated item of merchandise- In summary, when the licensing 
and purchasing broker receives a utqjtu to buy an item, it perfonTis appropriate 

20 payment processing to perform a purchase. When th:j licensing and purchasing 
broker receives ei:her a request to try Oi z. request tc buy the nznv, the broker uses 
the password gener&uori system to <p- .irate an ILC tc* return :o the licensing 
code. 

Specifically, in ivep 120;. die broker dttennL.es whether a buy 
25 request has been received and if so, ccr_:mues in step 1202. eise continues in step 
1206. In step 1202, vhe broker CaU:.;s ihe licensing -odt (specifically, the user 
interface library routines) executing .he customer computer system to obtain 
credit card or purchase ordsr informed on it' such information was not already 
sent with the request. A sfcinpi;. use i. .efface for obtaiivu*g method of payment 
30 information and for verifying uie pa revise transaction are described below with 
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reference to Figures 14-17. Once the c t edit card or purchase order information 
has been obtained by the licensing and purchasing broker, then in step 1203 the 
broker obtains payment authorization from a payment processor such as the 
payment processing function 309 ir Figure 3 and informs the licensing code 

5 accordingly. One skilled in the art will recognize that any mechanism for 
authorizing use of a credit card could be used. In step 1204, the customer's 
credit card account is charged, and thf supplier system is automatically credited. 
One skilled in the art will recognize t\vr the licensing and pLrcHsing broker can 
either credit the supplier directly ic this time by sending the appropriate 

10 information to the credit care company, or can have the credit card company pay 
the licensing and purchasing broker, vv Ni '*h b turn is responsible ibr payment to 
the supplier. In step 1205, the bro^s" informs the licensing cede of payment 
authorization and continues in step 7 207. An example user interface for 
reporting the transaction identificsrth.i >;n>iinatioa to the customer is described 

15 below with reference to rigure II'. i has r\o; bs?n authorized, then the 

broker returns such i:nfo;maucn i:\ L l '„ :ic:.nsh;g code, dhcor^uies execution of 
the steps in Figire 12, and foils 2,c*x.ri:'si a valid ELC. 

In step 1206, the 'r/roktr ^termin^s v. he tlx: ii has received an 
HTTP request message that indicate x:>d use is desired a.:/, if so, continues in 

20 step 1207, else continues in step 1209. In step 1207, in ordei for the broker to 
generate; an ELC specific Iho w..et* a:/;d to the indicaicd product, certain 
information is typically uent by the l".r. shj £ ; cod;: in .'.u; !7T? equest message. 
Specifically, informatb;. ihat uiiiqae-^ uki.ines ths, user aid product version 
is provided. The broker uses tli. rr.ei.vcd product version identifier (the 

25 ProductSKUId) to retrieve fioiu , • : iioii table a eo.v^o^ding password 
configuration identifier (pasi*^ci:Gy*i:(;. Once the past-o j rfig-id is retrieved 
from the version password geneiado., diU. repository tabh% ihlu identifier is used 
as an index into a password cova^u;;^..^ ladle to deVcrmvM set of fields to be 
used to generate the license pa.umLA~ of the ELC. (Gee ^ill recall that the 

30 fields stored in the password gjctt^x* .ables were ipcc.£ied by the supplier of 
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the content in conjunction with the SAFEmaker utility.) An example password 
configuration table is shown below as Table 3. A table with potentially different 
fields exists for each unique pass-coifig-id. Because multiple versions of 
products and multiple products may use the same pass-confi.R-id, they may share 
5 a single password configuration table This attribute may be useful for example, 
if all the products from a particular supplier have similar electronic licensing 
capabilities. In step 1208, an ELC is generated based upon the fields of the 
determined password configuration Xi bl rsrng a uy "metre key formulated from 
the Secre-Key and DeveloperlD fields the encrypted information file and an 

10 appropriate encryption algorithm, as dv'zussed earlier For th=- purposes of this 
specificatio:a, the ELC rr.ay be vi-'we i a v^ry long lumber whkh encrypts the 
license parameters indicated by the f *]c? In the password :or c guration table. In 
an exemplary embodiment, the c:r;b jsc \o perfomi steps 12C' 7 »1208 is provided 
in a separate code module (tj.g.. ps.-sgnn.dl!.) so that the password generation 

15 code, irxluding the encryption awd c^;:ypho/; algcr.tr:^ ; -an bo easily replaced 
in a licensing and purchasing broker. 

In seep 1209, d;e broker v/DC&sses any a;her :yp^ of purchasing 
option, for example, a renting cpvi':r... ird generate n app::;;ariate ELC in a 
similar fashion to steps 1237-i20 : .. -;i \ep ±2 10, the brjkz; J urns the generated 

20 ELC back to the; licensing code c,:ec; :L; ^ :>Vi Lh^ customer cc/Tipaxcr system, and 
then returns. 

Once the Hceasd^ 2 ^-chasing bn.Vxr ha., completed its 
generation and return of a valid e' colonic license; certificate, the requested 
merchandise is then piocesstd as desc::* 1 1 hi step 412 cdFigcvc 4. Figure 13 is 
25 an example display screen ef the: V:.o.T> r 6.2 program, vvh/.b -was selected for 
purchase in Figure 7, \rhe:. it e completing tb^ hewing procedures. 

Figures 14-17 pro dde saiMple asex inU^ldee dispky screens that 
are displayed by the licensing code (-'.a the user interface libraiy) to retrieve 
method of payment information Icj-. display sci^j;^. may be presented in 
30 response to requests from ihc licer.i'ing and parehasmg broker for more 
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information. The particular display screens presented are determined by the user 
interface library that is associated with the downloaded content file or by a 
default user interface available for the virtual store (see e.g., SAFEUI.dll 508 in 
Figure 5). As mentioned, the appropriate user interface library is determined by 

5 the licensing code from the UILibNamc field of the DCS security information 
file. Figure 14 is an example display screen for selecting a particular credit card. 
Figure 15 is an example display screen for entering a password for a selected 
credit card. Tne credii: c^ird ca*:a is s^it r o tV e licensing and purchasing broker in 
enciypted fcrrn. In an exemplary embodiment, the credit c^rd information is 

10 stored on the customer computer system using a secure technique. One such 
technique is known as "wallet teclmoh-ry " Wallet technology is an ActiveX 
control supplied by Microsoft Corp., wrich encrypts credit card information on a 
client's hard disk and kseps tra:-k of a" credit cards. Fig-Are 16 is an example 
display screen for adding a n:;v cnv.lii card. Figure 17 ss in example display 

15 screen far allowing a cusiorr^:* i«. vo^r au niter.: *e parthf afbr supplying a 
method of payment The display sciee \ includes pricing information, which is 
supplied to the licensing code by the hunting arA purchasing broker using the 
password generation data repository." Once the user lvd-x selected the Buy 
pushbutton 1702 in Figure \1 indicat-.it agreement to purchase the merchandise 

20 at the displayed price, rhe crcdii ci.u (or purchase orc^r) information is 
forwarded to the licensing uud pLLc_:a^g broker. ^ig>:re IS is an example 
display screen fcr indicting Ih'A a p-./; ; ->i;.*ig Uanaacf : jh ' ax.h authorized by 
the licensing and purchasing c:: Ati and <lu, particular 'j;aiic£.cucn identifier. 

Communications berwt,e : DCS client components and the 

25 licensing and purchasing broker preferably performed using a secure 
communication methodology. Figrr- S is an example clock diagram that 
illustrates one technique for cnsuiin^; .eoure commLrdci ion between a DCS 
client component and a licen^i^g c \ jjfc.sing irroker. .'«J;;:ugh Figure 3 may 
imply that the downloaded ^iv.po. ~ comvuunia -.t \viLh licensing and 

30 purchasing broker to request iiceivjir.^ and piizdusnig u,:J :o receive the 



WO 98/58306 



PCT/US98/12686 



generated ELC, one skilled in The av u hi recognize ilia: it is also possible for 
these components to communicate via l server associated with the virtual store. 
In Figure 19, communication between ;he client components (clients) 1901 and 
1902 and the licensing and purchasing broker 1903 depends upon secure key 

5 exchange. Secure key exchange is acc »nplished by sending a client-specific 
symmetric key using a puhiie/privaL key algorithm. The client-specific 
symmetric key is used solely for ccrm nunication between Liat client and the 
licensing and purchasing broker. Cyclically, a separate communication 
session-specific symmetric key ie provided by each client for each 

10 communication session and is sent to Lie licensing and purchasing broker 1903 in 
a session initiation message using ihc o.'oker's public key. One technique for 
distributing and obtaining the broketA public key is ic use a commercially 
available digital signature service, sum ,s Verisign. Because the broker 1903 is 
the only process that knows its own pi //ate key. the broker 1903 decrypts the 

15 session initiation message using its pnv^.e key a^d retriev es the chant's session- 
specific symmetric key. Thereafter, alJ messages from die Dicker 1903 to the 
client 1901 are encrypted by the b;ok^ j903 using the client lfJOTs symmetric 
key. Client 1901 is then able to decr/pi -t received message using the symmetric 
key that it initially generated and senv u, .Ia- broker 1903. Cilsri: 1901 encrypts 

20 messages to send to rhe broker )9JZ l so using client 1901 s symmetric key. 
Similarly, the client 1902 sends its own ;n.vrypted symmetric key to broker 1903 
using the broker's public key. The- brcier 1903 in tur/j communicates with the 
client 1902 using the client -specific symmetric key iha; coi responds to client 
1902. 

25 One skilled in iht ar: \ in recognize dist aivy algorithm for 

generating a symmetric key may be u-.Lied. One skilled in the art will also 
recognize that any symmetric cxyp^oyiyhie algorithm mat utilizes a symmetric 
key may be used to encrypt and deciyy*. the messages. ?or example, the DES 
algorithm, which is described k: ecu J in the Schneie/ u;feicncc, could be 

30 utilized. In an exemplary embodiment, RC5 algorithm, which u a proprietary 
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symmetric key algorithm available fro:;- <SA Data Security, Inc., is utilized. In 
addition, any cryptographic algorithm that uses public/private pairs of keys may 
be utilized to implement the technique described with reference to Figure 19. In 
an exemplary embodiment, the public/private key pairs are generating according 

5 to the RSA public-key algorithm. Th/s algorithm is described in farther detail in 
the Schneier reference. 

Figure 20 is an examp-r encrypted message data structure for 
sending encrypted messages bctv/eev a 3CS client co.7iponr.it and a licensing 
and purchasing broker. Plaintext menage 2001 is e^r/pied as specified in 

10 Figure 19 and stored according to the layout of ciphervexi massage 2002. 
Ciphertext message 2002 contai/js a message digest 2C03 and an encrypted 
symmetric key 2004, which has bseij enciyptcd usmg tie licensing and 
purchasing broker's public key. In action, field 2005 contains the message 
content, which has been encrypted using the symmetric ke<; thai is sent in 

15 encrypted form h: field 2004. 

Tables 3-5 are eiiaiApI; ^.vivvord generation :ab-es stored in the 
password generation data repository which is used by the licensing and 
purchasing broker to generate ebciTo/.ic license certificates. 
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Password-Con iugu ration Tabl e 



F U:1U 




pass-config-id 


XT 'L 

Varchar 


pass word- vers ion 


Int 


secret-key 


Varchar 


developer-id 


V archar 


expire-password-in 


Varchar 


start-date 


Varchar 


password-output-scheme 


Int 


developer-info 


Vareher 


concurrent-code 


Inl 


Licenses 


Int 


sofi-licenses 


IiU 


program-executions 


Int 


flex-nodelock-machines 


Int 


maximum-usernames 


Int 


release-number 


Int 


minor-release-number 


Int 


hostid-type 


Int 


misc-info 


Int 


min-hostids 


Int 


max-hostids 


Int 


msturxes 


lnc 


emergency-id 


Varchar 


feature-type 


int 


feature-hst 


Varchar 



Table 3 is an example password configuration table. As described 
5 earlier, a separate password configuration table is provided for each password 
configuration identifier (pass-config-id). There is a version table in the data 
repository for translating between a retailer specific product version identifier 
(the ProductSKUM) and a corresponding password configuration identifier. The 
fields are used to generate the license parameters for an ELC that corresponds to 
10 the determined password configuration identifier. One skilled in the art will 
recognize that any fields coule he slo;:d in the passv/ord configuration table. 
Further, any algorithm for combining /.he field? in a determinable fashion to 
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encrypt them into a single code that cat;, be decrypted without losing information 
could be utilized to generate the ELC. 

Generated-Passwords Table 

Fiel d T ype 

pass-config-id Varchar 

user-id Varchar 

generation -type lnt 

date -generated datetirne 

password Varchar 

Table.4 

Table 4 is an example tab^e of the actual passwords generated for a 
5 particular password configuration identifier (pass-config-id). One of these tables 
exists for each password configuration identifier. Further, both normal 
passwords and emergency passwords (discussed below) are stored in this table. 
User identification information is also included for each generated password. 



Emergency-! 


'assword Table 


Field 


Type 


eniE<:%ency-id 


VarrJtar 


user-id 


Varchar 


pass-config-id 


"Varchar 


start-hour 


Irt 


end-hour 


Tnt 


start-mmuce 


hit 


end- minute 


lnt 


stan-day-numb cr 


Int 


end-day-number 


lnt 


sta^ -dale 


Int 


end- date 


Int 


start-month 


tnt 


end-month 


lnt 


start-year 


lnt 


end-year- 


Int 


start-week-number 


lnt 


end-week number 


lnt 



Tiule 5 
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Table 5 is an example emergency password table. An emergency 
password table is used by the licensing and purchasing broker to generate an 
emergency password when a customer has for some reason lost a valid ELC (and 
5 potentially the merchandise), but has been previously authorized to use the 
merchandise. Emergency passwords are particularly useful in a scenario where 
the customer is unable to reach the supplier of the merchandise using available 
contact information. For example, if the customer's hard disk is destroyed during 
a weekend, it is useful to be able to re-generate a valid ELC and potentially re- 

10 download the merchandise to allow the customer to continue to utilize an already 
purchased product. 

More specifically, the virtual store supports the creation of software 
on a removable medium, such as a floppy disk, which can be used to recreate the 
merchandise. When the customer's system hard disk fails, as part of recreating 

15 the system, the customer runs a merchandise recovery program from the 
removable disk. The recovery program hzs previously svored the boot programs 
and the component lists associated with the merchandise already purchased so 
that the relevant files can be resurrected. In addition, the recovery program 
attempts to create a new ELC using the normal password configuration table 

20 (e.g., Table 1). However, if die fields stored in the normal password 
configuration table do not allow for the creation of a new ELC for that user (for 
example, the number of uses remaining :rz 0), then an emergency, temporary 
password is generated. The fields shown in Table 5 are used to generate the 
emergency. ELC when the norma! password generation table -will not allow for 

25 the generation of an additional ELC. In that case, an ELC is generated that 
expires within a certain amount of time, for example 24 hours, to ensure that the 
customer calls the supplier s customer service number as soon as possible. The 
fields of the emergency password tabic are combined to generate an (encrypted) 
ELC in the same manner described with reference 10 Table 3. Emergency 
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passwords once generated are also stored in entries in the generated password 
table, Table 4. 

The description thus far has primarily referred to use of the 
components of the client portion of the secure digital commerce system by a 
5 virtual store. One skilled in the art will recognize that many alternative 
configurations are possible. For example, a standalone online purchasing 
application can be used to execute the components of the DCS client to 
communicate directly to a licensing and purchasing broker to request and receive 
electronic licensing certificates. In addition, one skilled in the art will recognize 

10 that the separate components of the DCS client avid the DCS server enable each 
component to be separately replaceable and separately customized. For example, 
to generate a customized virtual store, a specialized user interface for licensing 
and purchasing merchandise can be generated and stored as the user interface 
component (e.g., SAFEUI.dll 508 in Figure 5) on the easterner computer system. 

15 Further, one skilled in the art will recognize that ihe licensing code incorporated 
into the encrypted content (or content player) can be replaced ir. its entirety and 
can be made supplier specific, in addition, ihe code usee to generate ELCs from 
the password generation data reposikny can be optimized to be supplier specific. 
Further, all of the functions of the DCS server can be provided as licensing and 

20 purchasing administrative functions (for example, via an applications 
programming interface) to enable content suppliers to furnish dieir own licensing 
and purchasing brokers. 

The secure digital comme/ce system can also be utilized to support 
a combination of transactions pertaining to the online delivery of goods with 

25 transactions peitaining to physically deliverable goods and services. For 
example, along with the purchase of the WinZip 6.2 computer program, the 
virtual store may offer merchandise, such as mugs, T-shirts, travel bags, and even 
support service packages that cannot be delivered online. In these instances, the 
licensing and purchasing broker is additionally responsible for classifying 

30 received requests into online deliverables (BSD items) and into physical 
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deliverables (non-ESD items) and is responsible for ordering and purchasing the 
non-ESD items. 

Figure 21 is an example flow diagram of the additional steps 
performed by a licensing and purchasing broker of the secure digital commerce 
5 system to support non-ESD transactions. In step 2102, the licensing and 
purchasing broker selects the next item of merchandise requested starting with 
the first. Figure 21 assumes that each HTTP request may request more than one 
item of merchandise. For example, l user interface library may offer additional 
non-ESD merchandise, which can be purchased at the same time that a customer 

10 purchases an ESD item. The user interface library generates and sends to the 
licensing and purchasing broke!' an HTT " request, which requests the purchase of 
multiple items of merchandise. For each item in the purchase request, in steps 
2103-2110, the broker processes the item in accordance with an indicated 
purchasing option for the item. 

15 Specifically, in siep 2102, the broker de -engines whether there are 

more items remaining to be processed for ;he request and, if so, continues in step 
2103, else finishes processing. In step 21C3, the licensing and purchasing broker 
determines whether the item is an ESD :v*;m or a non-ESD kern. One mechanism 
used to determine whether the item is aii ESD or a non-ESD item is to store a 

20 flag in the version table in the password generation data repository. For each 
purchasable item (ProductSkuId), the version table stores either a password 
configuration identifier or a distributor information iderJifier. In step 2104, if the 
item is an ESD item, then me broker continues in step 2105, else continues in 
step 2106.. In step 2105, the broker ^xt-emes the steps previously discussed with 

25 reference to Figure 12 for items ihal ar? deliverable online in step 2106, the 
broker determines distributor contact information for ihe non-ESD item from a 
distributor information table stored within a data repository. The distributor 
information table for non-ESD transactions can be stored along with the 
password generation tables in die password generation d.ua repository or in its 

30 own data repository. The distributor information stored in the table includes 
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sufficient location information for contacting a distributor from whom the item 
can be purchased using an electronic request. In step 2107. the broker obtains 
preauthorization information for a method of payment specified by the customer. 
It is assumed in this step that such information has been already obtained. If 
5 necessary, however, the broker sends appropriate requests to the code that 
initiated the purchase request (for example, the user interface library) to obtain 
method of payment information from the user and to continue accordingly. 
Preauthorization is necessitated by non-ESD purchases, which require a shipment 
date before the broker is able to charge the purchase lo a customer's credit card. 

10 The preauthorization is performed by the payment processing function (e.g., the 
payment processing function 309 in Figure 3). In step 2108. if the purchase is 
preauthorized, then the broker continues in step 2109. eke continues in step 
2110. In step 2109, the broker sends a purchase order to the located distributor 
for the merchandise using a vvell-krown Electronic Data Interchange ("EDI") 

15 format and commercial EDI products, such as those- provided by Digital 
Corporation. One skilled in the art wi!I recognize that any mechanism that 
allows information for electronically providing a purchase order would be 
operable with the licensing and purchasing broker. It! step 2110, the broker 
returns the results of the prearlhoiiz^tbn attempt to the requesting routine, and 

20 then returns to the beginning of the loop > step 2101 . 

To complete the purchasing transaction for a .icn-ESD item, the 
licensing and purchasing broker waits until it is informed by the distributor that 
the distributor will fulfill the requested purchase order (&hip the merchandise) on 
a particular date. At chat time, the licensing and purchasing broker contacts the 

25 payment processing function to charge the purchasing transaction to the customer 
and to credit the distributor. 

One skilled in ihi art a lU recognize that other variations for 
processing ESD and non-ESD transaetiais would also operate v/ith the licensing 
and purchasing broker. For example, iiijtcad of the user interface library offering 

30 related nou-ESD merchandise, ihc WHB p-iges of the v\rluc\: score may offer both 
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ESD and non-ESD items for purchase, in this scenario, a graphical icon (or 
similar object) associated with each non-ESD item available for purchase is 
displayed in addition to icons for ESD items. However, unlike the icons 
associated with ESD items, these icons are not linked to a download file that 
5 causes components to be downloaded, because online delivery is not possible. 
Instead, other virtual store code is linked to the non-ESD icons, which uses the 
purchasing library routines to send purchasing requests for non-ESD items to the 
licensing and purchasing broker. 

10 U.S. Provisional Application No. 60/049,844, entitled "A Method 

and System of Securely Incorporating Digital Information into an Electronic 
Store," filed on June 17, 1997, is hereby incorporated by reference in its entirety 
and International Application No. FCT/US9 8/0 1345 filed January 29, 1998, 
entitled "Method and System for Injecting New Code Into Existing Application 

15 Code," is also hereby incoiporated by reference in its entirety. 

Although specific limbedhYients of, and exaviples for, the present 
invention are described herein for illustrative purposes, it is :ict intended that the 
invention be limited to these embodiments. Equivalent methods, structures, 

20 processes, steps, and other modifications within the spirit of the invention fall 
within the scope of the invention. For example, the teachings provided herein of 
the present invention can be applied to olher client/server architectures, not 
necessarily the exemplary Internet based, HTTP model described above. These 
and other changes may be made to the, invention in lighw of the above detailed 

25 description. Accordingly, the invention is not limited by the disclosure, but 
instead the scope of the present invention is to be determined by the following 
claims. 
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CLAIMS 

1 1. A computer network system for implementing digital commerce 

2 comprising: 

3 a client portion comprising online purchasing code for selecting 

4 electronic data to be licensed and transmi :ted online and comprising a plurality of 

5 components that are provided by a supplier server computer system, wherein the 

6 components are downloaded via the onlai:; purchasing code to a client computer 

7 system in response to the selection of electronic data to be licensed, the components 

8 including the selected electronic data with at least a portion of the data being 

9 encrypted; and 

10 a licensing and purchasing ser* ;i* portion thai provides an electronic 

11 licensing certificate in response to a request Uom a downloaded component to license 

12 the selected electronic data, wherein, when Ife selected electronic data is processed on 

13 the client computer system, it is decrypted cniy upon determ hation of existence of the 

14 electronic licensing certificate generated by the licensing and purchasing server. 

1 2. The system of claim 1 wherein the plurality of components 

2 includes encrypted digital content, a ccaespci:ding encrypted slurry information file 

3 that provides licensing and decryption datL, a licensing xde module thai requests 

4 licensing from the licensing avid purchasing server portion when tu:: encrypted digital 

5 content is processed. 



1 3.. The system of claim ] u herein the electronic licensing certificate 

2 is encrypted by the licensing arid purchasing serve:: portion hrd decrypted when the 

3 downloaded selected electronic datL is proces; e 1 

1 4. The system of elain; I therein the licensing and purchasing 

2 server portion includes separate code nvodules for generating licenses and for 
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3 receiving requests from the client portion, wherein the license generating code module 

4 is replaced to incorporate a new licensing model. 

1 5. The system of claim 4 v herein the new licensing model includes 

2 a new encryption technique. 

1 6. The system of claim i wherein the licensing and purchasing 

2 server portion includes separate code modules for generating licenses and for payment 

3 processing, wherein the payment processing :;ode module is replaced to incorporate a 

4 new payment processing module. 

1 7. The system of claim 1 wherein the online purchasing code allows 



2 selecting merchandise that is not to be transmitted online and wherein the licensing 

3 and purchasing server portion differentiate*; between selected electronic data to be 

4 downloaded and selected merchandise tiuu. ;s not to be transmitted online and 

5 transmits an order for physical shipment of selected merchandise that is not be 

6 transmitted online. 



1 8. The system of claim 1 wherein a plurality of electronic data 

2 selections can be licensed in response to a single licensing request sent to the licensing 

3 and purchasing server portion. 

1 9. The system of claim i wi'.eiein the components downloaded from 

2 the supplier server computer system are downloaded in a background task. 

1 10. A method in a computer system fox facilitating digital commerce 

2 over a network, die method comprising: 

3 selecting an item of electronic data; 

4 indicating a purchasing optica iov the selected item; 
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5 receiving and storing a plurality of components that are associated with 

6 the selected item, the components including a content file that contains content for the 

7 selected item, the content file not able to he processed until the selected item is 

8 licensed in accordance with the purchasing option; and 

9 initiating processing of the content file, such that licensing code is 

10 executed before the content is processed, the licensing code causing the selected item 

11 to be licensed in accordance with the purchasing option so that the content file can be 

12 processed. 

1 11. The method of claim 1 0 wherein the selected item is licensed by a 

2 licensing and purchasing server. 

1 12. The method of claim : 0, : ? jr!her comprising: 

2 receiving an electronic license ;^rrificate that indicates that the selected 

3 item is licensed; and 

4 continuing processing of the -.Oinxxx file. 

1 13. Ths method of claim 12 wherein a portion of the received content 

2 file is encrypted, and wherein the continuing processing of the content file after 

3 receiving the electronic license certificate cmiics the encrypted portion to be decrypted 

4 such that the content file can be processed. 

1 14. The method of claim ■ 0 herein a portion of the received content 

2 file is encrypted and further comprising; 

3 determining that the selected iU:.n has been licensed in accordance with 

4 the purchasing option; and 

5 decrypting the encrypted >;o:.ion so thai the can'^nt file can be 

6 processed. 
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1 15. The method of claim 10 wherein one of the received components 

2 is a user interface library that is used to indicate the purchasing option for the selected 

3 item. 

1 16. The method of claim 10 wherein the purchasing options include a 

2 trial use of the selected item. 

1 17. The method of claim 10 therein the purch^iV.g options include 

2 trial use, purchase, and rental of :he selected item. 

1 18. The method of claim 10 wherein the receiving and storing of the 

2 components is interrupted and further wOn~p.:ia,ng resuming receiving and storing the 

3 components without again receiving any components already successfully received 

4 and stored. 

1 19. A method in a co.Tipj&r system for facilitating electronic 

2 commerce over a network, the method comprising: 

3 receiving a request iron; a purchasing application for a license for an 

4 indicated item, the request indicating a purchasing option; 

5 generating an electronic license certificate in accordance with the 

6 purchasing option, the electronic license certificate indicating the parameters of the 

7 license; and 

8 sending the generated electrode license certificate to the purchasing 

9 application. 

1 20. The method of claim 19 therein the generated electronic license 

2 certificate is encrypted. 
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1 21. The method of claim 19 wherein the generating of the electronic 

2 license certificate is performed by a separate code module. 

1 22. The method of claim 19 wherein the generating of the electronic 

2 license certificate is performed using a ekua repository having tables that define the 

3 license parameters to be used for the indicated item in accordance with the indicated 

4 purchasing option. 

1 23. The method of ckim 19, farther comprising requesting 

2 authorization from a payment processing system when the indicated purchasing option 

3 is a purchase. 

1 24. A method in & rjetv/oifcd computer system for performing digital 

2 commerce, the method comprising: 

3 under control of a virtual store, 

4 selecting an item of electronic data to be licensed; 

5 indicating a purchasing epeon for the selected Item; 

6 sending a request to download a plurality of components, at least 

7 a portion of the plurality of components being used to operate the selected item, the 

8 components including a content component and a licensing component; 

9 upon completion of downloading the plurality of components, 

10 invoking the downloaded licensing component to generate a license in accordance 

1 1 with the indicated purchasing option; lvA 

12 upon receiving a gjnexated license, processing the content 

13 component so that the selected item is operable. 

14 under control of a supplier stiver system, 

15 receiving the request to download the plurality of components; 

16 and 

17 sending the tequesteel cevnponents to the virtual store; 



t 
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18 under control of the licensing component, 

19 sending a request to a Mcensing and purchasing server to generate 

20 the license; and 

21 under control of the licensing and purchasing server, 

22 receiving the request to generate the license; 

23 generating the licence in accordance with the indicated 

24 purchasing options; and 

25 sending the generated lic&iijse to the virtual store. 

1 25. The method of claim 24 wherein communications with the 

2 licensing and purchasing server arc implemented using a public key/private key 

3 cryptographic algorithm. 

l 26. The method of claim 24 wherein a portion of the downloaded 



2 content component is encrypted, and farrhei comprising decrypting the encrypted 

3 portion only after receiving the generated license so that the selected item is not 

4 operable until the license has been generated in accordance with the indicated 

5 purchasing option. 



1 27. The method of claim 24 wherein the indicatea purchasing option 

2 is chosen from at least the set of trial use and purchase. 

1 28. The method of claim 24 v/uerein the components are downloaded 

2 as a background task. 
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A method and system for facilitating digital commerce whig a secure digital commerce system is provided. The secure digital 
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client communicates with the DCS server to download the components onto a customer's computer system and to license and purchase a 
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certificate. The eletrotiic certificate contains license; para^i-tare chat are specific m the revested merchandise and an indicated purchasing 
option. Once a valid eletronic license certificate t?cw the requested merchandise is received by th& IV'S client, the merchandise is made 
available to the customer for use in accordance with ;h.. !*c?.r/sing parameters contained in the efcwironic license certificate. 
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METHOD AND SYSTEM FOR SECURELY 
INCORPORATING ELECTRONIC INFORMATION INTO 
AN ONLINE PURCHASING APPLICATION 

TECHNICAL FIELD 
5 The present invention relates to facilitating the purchase of 

electronic information using digital commerce and, in particular, to providing a 
component-based architecture that facilitates online licensing and purchase of 
digital content and software. 

BACKGROUND OF THE INVENTION 

10 Today's computer networking environments, such as the Internet, 

offer an unprecedented rnecium for facilitating the purchase of software and 
digital content online. Electronic software distribution (ESD) provides an online 
alternative (using computers) fci a customei to purchase software and other types 
of digital covvccivc from publishers, resellers, and distributors without the physical 

15 distribution of a shrink-wrapped product. This online process is referred to as 
digital commerce. The customer purchases and downloads the software or other 
digital content directly t:om the network. In die context of this specification, 
software is generally a eo"op-„tei program, which is self-executing, whereas 
digital content that is not software is data that serves as -input .o another computer 

20 program. For example, audio ccnruit is digital content (ar, rudio script) that is 
played and heard by executing an audio player (a computer program) to process 
the audio script. This act of processing is referred to as "executing" the digital 
content. For the purposes of ihis ipecification, self-executing content and other 
digital content, as well as any other type of electronic information that can be 

25 licensed or purchased, including combinations of content and a player for that 
cement, will be referred to gcu^ric&iiy as electronic information, electronic data, 
or electronic content. 
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One of the major problems that authors of electronic content face 
using digital commerce is a reliable mechanism for obtaining payment for their 
electronic content. One reason is that it has become increasingly easy, without 
the use of secure licensing code, to copy and widely distribute electronic content. 
5 To limit the use of illegal copies of electronic content current systems have 
incorporated licensing code into existing application programs to be 
electronically distributed using various solutions. According to one technique, 
which will be iefeired to herein as wrapping," a second application program (a 
wrapper program) is distributed on the network, which includes an encrypted 

10 version of the original application program. The wrapper program, when 
installed, decrypts the encrypted original application program and then proceeds 
to execute the original application program. To successfully decrypt the 
program, a legitimate end user must provide fne proper licensing information to 
enable the decryption to opeime. A security hole exists, however, in that, while 

15 the wrapping program is m ibf process of decrypting the original application 
executable file, temporary sic created to hold ihn decr/pv^d program code. 
Once the entire original application program has been decrypted and stored in the 
temporary file, a "software pirate" can then make multiple copks of the original 
unencrypted application prog.:,;;:.; in the temporary file and can distribute them 

20 illegally. 

Father, use of the wrapping technique to incorporate licensing 
provides only limited addition! security 10 a vendor who huplemenis what is 
known as a "try and buy* 1 I:jer,siug model. A try arid i/**y licensing model 
typically distributes an application urogram with either limited functionality or 

25 for a limited time of use lo enalie a potential custorv.e.: lo explore; the application. 
Functionality may be limited, lor example, by disabling =. sei of features. Once 
the potential customer is satisfied, the customer can pay for and license the 
application program for mc:v pexmanenc use. If an upp/. cation program is 
distributed using the wrapping teejjuque to potexilil Cu^mvA. for the purpose 

30 of try and buy accusing, tntn, v/ien the application program is decrypted and 
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stored in a temporary file, a software pirate can determine how to enable the 
disabled features or how to remove the license expiration data. These security 
problems can result in the distribution of illegal copies, which are hard to detect 
and monitor in a global network environment. 

5 A second technique for incorporating licensing code into an 

existing application program directly inserts the licensing code into the 
executable file. Using the direct insertion method, an application developer 
determines where in the execuxhk: file the licensing code i-houH be placed and 
inserts the new code into the executable. After inserting die Sensing code into 

10 the existing executable file, the application developer .idjusfcz addresses that 
reference any relocatable code or data that follows the inserted code to account 
for the newly added code. However, it is very difficult for an application 
developer to determine where to insert the licensing :o<1? and to then test the 
entire application fo ensure it varies correctly. An applbalhn developer would 

15 typically need to disassemble tre executable file and study -he disassembled code 
to determine where to inser: ihx- licensing ccxh. Su;b disassembling and 
studying is a veiy time-consu/r.Lng ...rocess. Furthermore, ihe process must be 
repeated for each application progr*^ and for each vendor; of eaci; application 
program in which the code is Is be inserted. 

20 In addition to pvohbn^; relating to obtaining payment due to illegal 

distribution, the current metoas for incorporating hcen^rjg code and for 
supporting digiuu commerce ;>..^se-..i scalability f rcble, u example, it is 

difficult for the^e systems U. .via die larg:: volumes i;.a muierous types of 
electronic comertl because ehcage to the licensing o; purchasing model 

25 requires re»encrypt:on and perhaps /^.-wrapping of .he eiectioruc content In 
addition, it is difficult to distribute such content online when the content is large 
in size because the network carureotxn may be prone to failures. A failure in a 
network connection when do'/.rJoaimg the eiectxomc '/clou would require 
starting the dovviiioad opersxiGj ^g,u... 
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To perform digital commerce, today's computer networking 
environments utilize a client/server architecture and a standard protocol for 
communicating between various network sites. One such network, the World 
Wide WEB network, which comprises a subset of Internet sites, supports a 

5 standard protocol for requesting and for receiving documents known as WEB 
pages. This protocol is known as the Hypertext Transfer Protocol, or "HTTP." 
HTTP defines a high-level message passing protocol for sending and receiving 
packets of information betwei/n diverse application-. Details of HTTP can be 
found in various documents including T. Beniers-Lee et aL, Hypertext Transfer 

10 Protocol-HTTP 1.0, Request for Comments (RFC) 1945, MIT/LCS, May, 1996, 
which is incorporated he/ein by reference. Each ETT? message follows a 
specific layout, which includes srnong other inform ;nior: a header, which 
contains information .specific to the request or response. Further, each HTTP 
message that is a request (i*v. HTTP request message) contains a universal 

15 resource identifier (a "URT} r * specific a target 'ex :rk resource for the 
request. A URI is ejthe: a V-niform Resource Locator ("URL") or Uniform 
Resource Name ("URN"), oi ar.y otuv fonaaUed string th^t identifies a network 
resource. The URI contained ;r, a request message, m ci:?:A, identifies the 
destination machine for a message. URLs, as an exarch: of URis, are discussed 

20 in detail in T, Berbers- Lee, et £L Uniform Resource Locators {URL), RFC 1738, 
CERN, Xerox PARC, UuiV. ;; Iv.'iru., De:e:^ibei:, 19"'', which is incoiporated 
herein by reference. 

Figure 1 iilust::ilCA how d browser application, using the 
client 'server mode'/ of the World Vt';de WEB network, enables users to navigate 

25 among network nodes by requesting and receiving WEB V/agei. For the purposes 
of this specification, a WEE page is any type of do; u.^cnt Cat abides by the 
HTML format. That is, the document includes an C, <HTML>' ; statement. Thus, 
a WEB page can also be iefe./rea to as an HTML document yr an HTML page. 
HTML is a document mark- up language, defined, by the Hypertext Markup 

30 Language ("HTML") specifkiubn. HTML defines .ags jcr specifying how to 
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inteipret the text and images stored in an HTML page. For example, there are 
HTML tags for defining paragraph formats and text attributes such as boldface 
and underlining. In addition, the HTML format defines tags for adding images to 
documents and for formatting and aligning text with respect to images. HTML 

5 tags appear between angle brackets, for example, <HTML>. Further details of 
HTML are discussed in T. Berners-Lee and D. Connolly, Hypertext Markup 
Language-2.0, RFC 1866, M07W3C, November, 1995, which is incorporated 
herein by reference. 

In Figure i, a WED browser application 101 bj shown executing on 

10 a client computer system 102., which communicates with t. server computer 
system 103 by sending and r—civlng HTTP packets fnsssagss). The WEB 
browser application 101 requests WEB pages from other locations on the 
network to browse (display) \vhat is available at these locations This process is 
known as "navigating"" to siu* cm the WEB netwoiL In particular, when the 

15 WEB browser application 101 "navigates" to a new location, it requests a new 
page from the new location server computer sysvern 103) by sending an 
HTTP- request: massage; 104 ui::.ng any well -known jndsrly-iAg communications 
wire protocol. HTT?-iequc*Jt Message 104 follows the specific layout discussed 
above, which includes a heade: 105 and s URI field 106. which specifies the 

20 target network location for Hit loquest. When the server computer system 
machine specified by URI IjC (,.g\, the server computer sy.-;:om 103) receives 
the MTTP-reqiUiSS' message, a decomposes the message packtri and processes the 
request. When appropriate, >V;3 reiver co;npui;er system wonstructs a return 
message packer to send to :h .; .jour:.s locaUon that originated "he message (e.g., 

25 ths client computer yysteMi IT) hi ;he form of an H'rXT-v^ponie message 107. 
In addition to the standard fc^res of an HTTP message, *uch a\ the header 108, 
the HTTP-response message 107 curtains tk requested WE3 page 109. When 
the HTTP-response message 07 reaches the ciiciii co;iipU;.r system 102, the 
WEB browser application 10* f:*l,:i:a':s the WHE pag-s from :he message, and 

30 parses and interprets th* in>.'L : ide in the page (e>:c;ui'es the WEB page) in 
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order to display the document on a display screen of the client computer system 
102 in accordance with the HTML rags. 

SUMMARY OF THE INVENTION 

The present invention provide;: methods; and systems for facilitating 

5 the purchase and delivery of cA?etromc content using a secure digital commerce 
system. The secure digital commerce system interacts with an online purchasing 
system to purchase and distribute merchandise over a m -^eik. The secure 
digital commerce system is cov ori^< 7 of a plurality of modularized components, 
which communicate with etch other to download, license, and potentially 

10 purchase a requested item cf risrchnndise. Each component is customizable. 

Exemplary emh. iiireius of the sec art. digiia: commerce system 
("DCS") include a DCS ciie, : ;r-,/ \ DCS server. Tto? t X:S :!ient includes a 
plurality of client component w? >- are dowr.lo.2det: by v;. boot program onto a 
customer computer system \\\ . sponge to requesting an of merchandise to 

15 be licensee or purchased. Th :bv, .loaded client component nolude a secured 
(e.g., encrypted) content file a . a; corresponds to the cont:n: of* die requested item 
and licencing ;ode that is an.on^dcally executed to ^n^re lhat the item of 
merchandise is properly iic^j;,a L:fore a customer is p^; miked to operate it. 
The DCS seiver includes a co:.rii..it supplier seiver, wh*ch provides the DCS 

20 client components thai a : e ^pc^ilc :o the /equaled i^id a licensing and 
purchasing broker, which g;^ _^.> and rerai^ *; :;i:tuc . •■' : ironic licensing 
certificate in response to a :c ^ :si i-. license the roquet; -:<. Aum of merchandise. 
The generated electronic lic^je euitificats contain^ licensing parameters that 
dictate whether the merehandr. . permitted to be executed. Thus, once properly 

25 licensed, the downloaded en;... exponents in conjunct; wiJ'i the electronic 
license certifica-x peinth a Ic^dmuLe customer to exec^e (process) purchased 
content in a maimer thai helps prevail illegitimate pnacy, 

In one embod^n;.^ uie electronic Ibe..;*:: cer:i r .;ate is generated 
from tables stored in a paiis\o.d generation data rc/pc^to*/. Luch table contains 
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fields that are used to generate the license parameters. Each electronic license 
certificate is generated specifically for a particular item of merchandise and for a 
specific customer request. Also, the electronic license certificate is secured, such 
as by encryption, to prevent a user from accessing the corresponding item of 

5 merchandise without proper authorization. One technique for securing the 
electronic license certificate uses a symmetric cryptographic algorithm. 

The secure digital commerce system also supports the ability to 
generate emergency electrorJ; license certificates In cassa an electronic 

license certincrie would not -omally be authorized. T: accomplish this 

10 objective, a separate emerger.cy password generation table is provided by the 
password generation data repository. In addition, the secure digital commerce 
system reliably downloads t>:; u.knt components e^en when a failure is 
encountered during the dovrcicad procedure. Further r? r.rv : vnum number of 
components are downloaded. 

15 In addition x siting electronic Ikense certificates, the 

licensing and purchasing broke: may Aso include access to a payment Recessing 
function, which is invoked to -\uf.iC.nze a particular nil- 'hod of payment for a 
particular ton£<Lciion. Tht \txig and purchasing broker \':ay also include 
access tc a clearinghouse fiuc\; n ...iod to trac \ and audi! p.rouas&s. 

20 Digital commerce is ;>:rforrned using "he s:cu" :;;g:Ul commerce 

system as follows. A customer invokes an online purcha^in^ system to request 
an item of merchandise and tc *uu cute a purchasing o^ilo^ ( audi as "try" or 
"buy"). The DCS client then dew/.jads onto a cus^nv;r coi/pate/ system the 
client components that are asso; iu.id with the request:' iit;:n. Included in these 

25 components is a secured contc:^ :, opponent. The ^cuuc ccn^nt component is 
then installed and executed (p. ^;oi;cd) in a maimer n ni r^.xnatically invokes 
licensing code. The lic^in^ -rjdt when (he rec^e^ud it^h \j nut yet licensed 
propeily, causes the reques^-d ii.:n to be licensed \\j the licensing and 
purchasing broker in accordant*; >h j the indicated p.'.rcL.j.aii.g option before the 

30 content component becomes sp^a^e. Specifically, .e Ihendi^ and purchasing 
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broker generates a secure electronic license certificate and completes an actual 
purchase when appropriate. The broker then returns the electronic license 
certificate to the licensing code, which unsecures (e.g., unencrypts) and 
deconstructs the electronic license certificate to determine the licensing 

5 parameters. The licensing code then executes (processes) the content component 
in accordance with the license paraneters. 

In some embodiments, the secure digital commerce system 
supports the licensing and pia^h^ng of both m-irchaK-f^se tVat a; deliverable 
online and merchandise that requires physical shipment of a product or service 

10 (e.g., non-E3D merchandise). 

BRIEF DESCRIPTION OF Tl -rH DRAWINGS 

Figure 1 ilius- tet l iow a browser application, using the 
client/server model of the V/c V.de WEB network cables risers to navigate 
among neiwor-c nodes by rcc;; ..r. ;.:.). and receiving, WLE V- :1 £^. 
15 Figure 2 is v/:- ■ display scree:.* of cnltr viiiual store that 

operates with the secure digital commerce system. 

Figure 3 is an overview block diagram, of the secure digital 
commerce system. 

Figure 4 is an o - r . : -^ v flowchart of tlu? e>;3r_vpln steps performed 
20 by the seci^re digital cowmen . ;>* b-vr. components U 1 [ <s fx?.:, .he licensing and 
purchase of oitcironic Aita. 

F:,j-re 5 is a Llo - * j^rajn of a ga zjA ;a'p:;;e computer system 
for practicing ei;ibodim3r;:z of fit *?; ZS client. 

Fi^irre 6 is an axani^Ie flow diagram of the su-ps performed to 
25 generate the components of the DCS client. 

Figure 7 is b& \ ar.-pje WEB page :f i vf'aal store used to 
purchase electronic dak., v.'I.:Y . 5 routing on u cls::^\-/ cd \x\;tei system. 
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Figure 8 is an example flow diagram of the steps performed by a 
boot program executed on a customer computer system to download client 
components when licensing a selected item of merchandise. 

Figure 9 is an example flow diagram of licensing code that has 
5 been incorporated into an encrypted content file. 

Figure 10 is an example display screen presented by a virtual store 
to determine whether a customer desires to license a product for trial use or for 
purchase. 

Figure I \ is ix\ erinrrJe flow diagram of "Xvt steps performed by 
10 licensing code to determine ^kerer a valid electron"]:: licensing certificate is 
available. 

Figure 12 is an z? :i.mp!e flow diagram of the steps performed by a 
licensing and purchasing broker :>f the secure digital commerce system. 

F:.guie 12 is ar: ^arrHe display screen cf the WiriZip 6.2 program, 
15 which was selected for purch.is-; Figure ' 7 , when if executes after completing 
the "licensing procedures. 

Figure 14 is an c:camy,Ie display scr^u for selecting a particular 

credit card. 

Figure 15 is an ::: -ur;:p^ display screen for raterir.g a password for 
20 a selected credit card. 

Figure 16 u an x;a: r ; ,c display screen *;o: adding a new credit 

card. 

"Figure 17 is an cxaniflt display screen for alowrig a customer to 
verify an intent :o purchase aft. -\ 14 ; : lying a method of p*yme;.'h 
25 Figure 18 is an example display screen for indicating that a 

purchasing transaction has beer, authorized. 

Figure "19 is an example block diagram that illustrates one 
technique for e:: : raring secure . l:v: .Jiiications between a DCS client component 
and a licensing and purchasing : : rc^isr. 
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Figure 20 is an example encrypted message protocol for sending 
encrypted messages between DCS client component and a licensing and 
purchasing broker. 

Figure 21 is an example flow diagram of the additional steps 
5 performed by a licensing and purchasing broker of the secure digital commerce 
system to support non-ESD transactions. 

DETAILED DESCRIPTION C7 THE INVENTION 

Exemplary embocnr-f-nts of the present mventicu provide methods 
and systems for facilitating sec ire digital commerce of electronic content. The 

10 secure digital commerce system hieracts with an online purc23sh;g system, such 
as a virtual store, to facilitate t'v pin :hase and distribution of merchandise over a 
network, such as the Internet the v/orld Wide WEB network (the WEB). For 
. the purposes of this specification, a virtual store is air/ executable file, data, or 
document (for example, a WV'E page) that e/tacks a uv;r to electronically 

15 purchase merchandise over a nc, *v _k. 

Figure 2 is ai\ display screen of an crAiu: virtual store that 

operates with ih: secure digit?." L^xnerce system. Although i c secure digital 
commerce system is described v Y* reference tc a virtue! stcre, jikj skilled in the 
art will recognize that any typt electronic purchasing system cr application, 

20 including a standalone application, is operable with embod^atrits of the present 
invention. A broker tipplicat:: r \ \v_.:dow 201 is shown cur:s.iitiy displaying (and 
executing) a WBB page 202 . i\i -/sd from the location specified by the URI 
"www.buysoftwive.com/ 1 Y.73 jiige 2C2 pro ride j a of user interface 
elements, for example, puficcc.:;^ 204 and 205 anc ico/j 20? which display 

25 information or which can ha UvY. Lc navigate to addidoi'al ^ibnuauon. A virtual 
store typically provides a uf icons, which ^cl\ cksoribe an item of 
merchandise that can be pu;,;:avec. For example, graphic Y icon 203 is an 
example icon that is linked to jil YACtionality needed lo pui chase a Microsoft 
Corp. software game entitled '7YYYRN OF ARCADE.'' 
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Each icon is typically linked to a server site on the network, which 
is responsible for supplying the content of the item when purchased if the item is 
capable of electronic delivery. When the user selects one of the icons, the 
browser application, as a result of processing the link, sends a request for the 

5 selected item to the server site, Thus, when a customer selects the icon 203, an 
HTTP request message is sent to an appropriate server site to locate and 
download the software modules that correspond to "RETURN" OF ARCADE." 

For the purposes vi hii specification, the Merchandise that can be 
licensed and distributed online includes any type of digital or electronic, 

10 information or data that can be transmitted using any means for communicating 
and delivering such data over a network, including data transmitted by 
electronics, sound, laser, or oitier similar technique. Similarly, although the 
present application refers gentiically to "electronic dava" or "electronic content," 
it will be understood that embodiments of the present invention can be utilized 

15 with any type of daia that can s^oicd and transmitted over a rework. 

The secure digi&l commerce system; is arranged according to a 
client/server architecture and provides a modularized DCS client and a 
modularized DCS server t'h&i interact wr& the on: ins purd^wn? system to 
perform a purchase. The DCS cliev.:: includes a set of client components; support 

20 for downloading the client corr.po;.ems onto a customer computer system; and 
support for communicating with the DCS servei :z hcense an item of 
merchandise. The clieru ccmp^iiuv^ contain a secure i {z.g^ encrypted) copy of 
the content and various components needed to license and purchase the 
merchandise and to unsecrxe ;*.g. 9 decrypt) and execute the licensed 

25 merchandise. The DCS eheni cei\.T;anicates with the DCS co.-vcr to download 
the client component onto a Oligomer's compter system in response to a 
request for merchandise fiom Lin; online purchasing sy stem. 7ne DCS client also 
communicates vmh the DCS j.^cr to license and purch^je the requested 
merchandise. The DCS servei urates an electronic r, cense certificate, which 

30 contains Iicer.se parameters (j.g., lenns) that are specific to the requested 
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merchandise and to a desired purchasing option (such as trial use, permanent 
purchase, or rental). The DCS server then sends the generated electronic license 
certificate to the DCS client. Once a valid electronic license certificate for the 
requested merchandise is received by the DCS client, the merchandise is made 

5 available to the customer for use in accordance with the license parameters 
contained in the electronic license certificate. 

The DCS client includes a download file, a use interface library, a 
purchasing library, a secured cc vic* . file, a DCS si-ct-irity information file, and 
licensing code. There is a download nJe for each kern of merchandise mat can be 

10 distributed electronically, which ;:o miins an executable boot program. The boot 
program is responsible for detenkrurg v/hat components need to be downloaded 
for a requested item of merclv.jdke. The secured :;oat^n; file contains the 
content that corresponds to the ;cqL<sted kem of merchandise. The content may 
be a computer program, data, j; a combination of both. Fcr th* purposes of this 

15 specification, ''secure 5 ' or "secured" implies the use of cryptography or other 
types of security, including the ,isc :f hardware. Gi?.e j- r^a:c the remaining 
components can be shared by sevwd kerns of merchandise. Pur example, the 
user interface library, which define:; *. user interface slzC ;o p u^base and license 
merchandise, may be specific '•.<. an kem ofirierehariili.se or m&y be uniform for 

20 an entire online purchasing sys.^ai The purchasing library, licensing code, and 
DCS security iivfomi^tion fki .i: used ;o interact with Ilv- DCS server to 
properly license requested inerehuL^ise. In particular, kie Ik ^;Jng code ensures 
that the requested merchandise Is no; operabk by ike customer until iv has been 
properly licensed by fhs DCS si. 

25 The DCS server u::.:i.i->i a content supplier *m e::. a licensing and 

purchasing broker, and a pay;.: :;/, processing funcaoii. TLj content supplier 
server provides rue merchandise ipcciiic DCS client eoiLporients. The licensing 
and purchasing broker generous r'tetronie Keen^ ceitifica;es and manages 
purchases. The paymevu proa^-n^ kmctioa authorizes p£/y;..L\k tor a particular 
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transaction. One or more of each of these entities may be available in a DCS 
server. 

One of the advantages of the modularized nature of exemplary 
embodiments of the present invention is that it provides a natural mechanism for 

5 replacing individual componerts and for customizing the system. For example, 
by replacing only the licensing code and a portion of the licensing and 
purchasing broker, an entirely \iti& cryptographic algorithm may be used to 
secure the content. Embodiment* of the inveitfior. *xteo support the secure 
execution of requested merchandise and minimize the number of components 

10 needed to securely dovmload, ;ic?;riv; , and execute; the requested merchandise. 

For the purpose a of this specification, ;ny client/server 
communication architecture aid communication protocol thai supports 
communication between the DCS client and th= DCS serve:* could be used. 
However, in an exemplary emb tisnt the secure digital commerce system 

15 utilizes the HTTP request cjrr^mc&iion model proM-Iti ty ,he World Wide 
WEB network. A detailed cesenj/kc of :his architecture and of WEB page 
communication is provided in J. CTDonnell et ah, C-pe^iz! Edition Using 
Microsoft Internet Explorer J, QUE lorp., 1996. whit:, h incorporated herein by 
reference. 

20 Figure 3 is an verview block ciagian; of the secure digital 

commerce sys^m: Figure 3 hioiiiu^ a DCS client 33 J and z DCS server 302, 
which u^ed v/ith an onlin;; cm^uI&ix^ application .^:h us it \V"£B browser 
application 303, to provide a ju -xl: i:h:g interface fas i;. p:/br. i. 1 . customer. The 
DCS client 301 includes a vn:-ui.l "tore 304 and %.\ .sitory 305. The 

25 virtual store 304 provides a *;,is:o;ner fioni end 313 a.:.d = ' ,res in the data 
repository 305 meixhandise-spe:.,;£c download files 313. The customer front end 
312 includes WEB pagei, A c^jociaicd proc:^.:Lg support, which are 
downloaded cut? a customer >.':u . tor syatem 3 i ■ to t/^ £ .: a u^er to purchase 
rne;ichar.dis.:.. Ihc dcv/nba<J 13.; 13, which sa:h c n .\::^n »u sxecutable boot 

30 program and a component iisL ussd Lo dcv^iu^e H-f. r/,:^handise -specific 
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client components (for exar/ipJr, i secured conuLt f c vr.i iicensing code). 
When an item of merchandic- in requested, the assc^at*.** download file is 
processed to extract the execuinbk boot program and thv component list. The 
executable boot program dowrOcadv the needed components Tom the content 
5 supplier server 306 using the component list, which specifies the components that 
are needed to successfully license and operate the corresponding item of 
merchandise. In an alternate embodiment, download files are generated 
dynamical!}' from component * ..*>;, ^ lack lists ai\v :.;o;vc in he data repository 
305. 

10 Tlu DCS serve:* 002 includes a conten*: ,up;;i;< : ;r server 306, a 

licensing and purchasing brhve: (server) 307, a ras.v./Oid generation data 
repository 303, and a payme^ pro;essing function 30?. The licensing and 
purchasing broker 307 iricludr, : : a separate iicensing library "10 {passgen.dll), 
which contains the code for ^.-ne a ting an appropriate license: in response to a 

15 request from the virtual ito^:. The Iicci.si;ig hh,a/r ..;vo the password 
generation data repository 3C3 ro generate an eieefconic hcense certificate 
("ELC'O with licensing pai an .cUrs tha: correspond :c u p^ticular item of 
merchandise. An ehctrcnic lie u:sc certificate is enc/j ^ed elctronic data that 
provides information that cu\ b, .Oiiized to dcttrnru;e whether a particular 

20 customer is authorized to e>:.:u:e the merchandise. Sadi information may 
include, for example, the sp^hrk^hon of a pence of dine (hat a particular 
customer is allowed to execu^; hie wi^rchandiie for uhu use. The data repository 
308 contains tables and fields ;hat are used to create tlu, active parameters of a 
license. The data repository 30 i Ai£.y contain inforn.a:ioi. lm, ii supplied by the 

25 source companies of the av^khb merchandise. Tne payment processing 
functions 309 are used by the licensing and purchasing oroker 307 to charge the 
customer and to properly credit hie appropriate sappier when the customer 
requests an actual purchase (rahcr th^u trial use or another form of licensing). In 
addition, clearinghouse funaioj:^ may be i/;vokcu by me licensing and 

30 purchasing broker 307 :o audii u;.,d track an online purcrusi. Clearinghouse 
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functions may be as provided by well-known commercial sources, such as 
Litlenet and Cybersource. SK iilaiiy, payment processing functions may be 
provided using well-known commercial credit card authorization services. 

Figure 4 is an overview flowchart of the example steps performed 

5 by the secure digital commerce system components to perform the licensing and 
purchase of electronic data. This figure briefly describes the interactions 
between the components shown in Figure 3 to accomplish the downloading, 
licensing, and purchasing of * requested itcvn of rne:/;;harid:se when it can be 
delivered online. In step 40 the potential customer a:v, i nioa:ls a WEB page 

10 (part of the customer front end 31".) from the virtual store 304 that includes the 
item to be requested (see, for triple, Figure 2). In step 402, the customer 
requests an item of merchandise, fcr example, by selecting u\ icon that is linked 
to a download file that corresponds to die desired :te:n. In response to the 
selection, in step 403, the virtu:-.! store 30 v downloads *v.\c instils the download 

15 file, which extracts -he executable ooot program arid component list ana causes 
execution (preferably as a bacx ground task) of the ixecitet'le boot program on 
the customer computer system 211 In step 404, ±z booi program reads the 
component list to determine what DCS client compov^nts t:> download and 
requests the determined ;:o;7.pont:i;s from the appropriate contents supplier 

20 server 306. The component list, further described be-low with reference to 
Table 2, indicates source a\;d t-uget locations for ouch component to be 
downloaded. Li step 405, ih. ixoi program ins'^Ji; a <I: ^buded (secured) 
content file that is associated wif : avj desired item of n;c;eluu^I>e and causes the 
content tile to be processed (t/^-AQ&). When the cduca. lie is a computer 

25 program, then ihe downloaded ::;ntaAt file has besr. p;^ burly configured to 
automatically cause licensing co:le to be executed Wf:re the content file is 
executed. When instead the ;; orient fib is data to input to a computer 
program, ±en the content pla* or Li deviously configure a -:o ajlomatically cause 
the licensing code to bo execu-eJ first before the center :i? data is processed. 

30 More specifically, the dowu'.xua content player i. :n;;:Led by the boot 
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program to process the secure;* encrypted) content fne data. The boot 
program then starts the execuha of vhe content player, v/hich invokes and causes 
execution of the downloaded iiceming code. Thus, in step 406, the licensing 
code, which is incorporated into either the content file or the content player, is 

5 executed. In step 407, if the licensing code determines thai a valid ELC already 
exists, then the content file continues to be processed in step 412, else the 
licensing code continues in step 408. In step 408, the licensing code requests a 
valid ELC from the "iicevisin^ and purchasing broker 207. In step 409, the 
licensing and purchasing broker iC7 determines wither a pm chase is requested 

10 and, if so, continues in step 4:. 3, tlse continues in step 411. In step 410, the 
licensing and purchasing broket 307 obtains a me;liod f:ir payment and 
authorizes the payment method usiv.g the payment preceding function 309. In 
step 411, the "licensing and purchasing broker 307 gen^tes a;: appropriate ELC 
using the licensing library 310 md :he password general on da -a repository 308 

15 and returns the generat-d ELC" -.o Av: licensing ccdo. In itep M2 9 if portions of 
the content file are encrypted u .It be iunher docC.cib^l, iheh the content file is 
decry pted and processed. 

A< : indicated ate/2, when the dDvvnload;:a 'sc^ivd) ixnusnt file is 
a coiiiputex pic gram, licensing co;".e is automatically invoked to verify the 

20 existence of, or obtain, a valia jle:,/;>nic license certificate for a requested item 
and to decrypt and execute ±c eon:f.nt file. One ^echunisni for incorporating 
licensing code into a eciuc/ t £k such that !<: \s .^ar.r; .cully invoiced is 
discussed in derail v^iih teferui^ :o relai-d U.S. Tate;- 1 ; Ap r nation Serial No. 
08/792,719, entitled "Method iM System for Injecting New Code Into Existing 

25 Application Code," filed on Ju ^y 29, 1997. That p^eut app-, .ration describes 
a technique for inserting IkurVnn. code brio an vxi>"iii% application and for 
inserted security code fnai seewwij jxeeu^s the application ~ode. The security 
code uses an incremental dec.; y,:,.;o;i process to ensiux a c:*uplete version of 
the unmodified application t cuie nevar visible at u. e time (to avoid 

30 illegitimate copying). Thuj, he security code ni=-o!:.ii-r;isv.*.. described therein 
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makes it impossible for sonc-rr to create an unr:cdifK;c* version of the 
application in a reasonable amount of time. The insc~ro:a ir. Unique described 
therein can be used to insert info a content file the licensing code component of 
the DCS client, which communi ;ates *-vith the licensing ?.r»d purchasing broker to 

5 generate an ELC Further, the einerypiion/decryplion teclaiique described therein 
may be used in the current cc.rcext. to incorporate security code that securely 
decrypts and executes the dow-vcacvd content file, 

In ^dditicn, whe-.i ;h: renter.; file *s <h:a U\ be " -.ed as input to a 
computer program (such as z. -.:oiitoit player), then \h: licensing code can be 

10 incorporated into the compute' program by invoking lionising -ode and security 
code routines. For example, zr vacation piograr.iniiiij] interface ("API") to the 
licensing code and to die mczo .ieii.V. decryption security c:»do can be provided. 
The convent player is prograi (or configured via (at iLs-:rtion technique 
described in the related patent ;pC^ Alan) to include ea;Is to the API routines to 

15 validate or obiar. .vr. ELC an; .^neourt: (e.g., de:-ryp:; :Ke ^ociated content 
file. One skilled L\ the art v>Ci iwU^iize .hat any mech v^s-i: C^t automatically 
causes the execution of lieeiu. ig cedf (end secur.i) :cC^) jcrbre the secured 
content is processed is opjrabS . * ; iih tmbodimen:s of IV pces.ii* invention. 

In ;i;;emplary ci-aC^di-ieius, the DCS i-lier; h- mplemented on a 

20 computer systen comprising o processing ..nit. a ."i^p^y, a memory, and 

other mpuVoutpat deuces lx laty embodiment- cf tie DCS client are 
designed to opiate in a gicc u. t y a. avor^ed env^'omr* ...i, su :h as a computer 
system rhac is connected to the i.^cr ± Figure 5 is a L»Lci.: digram °* a g en ^ ra l 
puipose computer system for y adding erribodimente of the DCS client. The 

25 computer system 501 contain ^ -Ci^rai processing ua..t (CJU) 502, a display 
503, a computer memory (m^or ) 505, or other computei -readable memory 
medium, and ether input/cut^ cwV.cea 504. Dc7/inca..cd components of tlie 
DCS client preferably inside memory 5C5 and craoutc on the CPU 502. 

The componeruJ cf the DCS ^Cr.; ..re shown after tk<;y r„avc been downloaded 

30 and installed on the compue. hj^t ~a 50i by an ext^utaDie 'jc-ct program and 



WO 98/58306 



PCT/US98/12686 



5 8 

after art appropriate eleotreu - "! : c ..-nse certificate h r s been generated and 
installed. Specifically, the ccnpcn. -w ^ of the DCS clir-M Include the executable 
boot program 507 (SAFEboot; : a user interface library 502 (SAFEUI.dll); a 
purchasing request libi^ary 509 (SAFEBuy.dll); an eziyyotsd content file 510, 

5 which is shown with incorporated licensing code 511 (SAFE.dll); an encrypted 
DCS security information fib 51.?. which is associated with the encrypted 
content file 510, and an elect]:-!::; licensing certifkafc: "iI4 '2LQ. As shown, 
each library is typically hr:pIca-:..T?>i**i as a dyiumic lir:',: iibiruy (a "DLL"). In 
addition tc these eompcnenU, : >e encrypted c xja-' t file contains data that 

10 is not a computer program, th? n:u:.oty 505 contains a content player 513 for 
processing the content file 510, vlucn has incorporated licensing code 511. 
Also, WEB browser application code 506 is shown residing in the memory 505. 
Other programs 515 also resh'i in he memory 505. C.:c skilled in the arc will 
recognize that exemplary DC? ;l:e^ components ca;i isj j t implemented in a 

15 distributed envboumeut wheie ; :e . noaz. programs sin >vn a curieri'dy residing 
in the memory 505 are instead u^^br^ed amon^; sevens compiler systems. For 
example, Lie encrypted eome;< rib 510 may reside j\ a different computer 
system Cnzn the boot program : 0 7. 

In exemplar/ enbGub;,cms, the DCS servei is implemented on one 

20 or more computer systems, earn eeMrpibb^ a central yr^ess:/^ unit, a memory 
and olher inpui/outpui devices bach of these ompJev a>,;iems may be a 
general purpose computer sysi-.n, b mlar to dial deseb^u in Figure 5, which is 
connected to a network. The ^ l y^tems that compi le ,ne server portion may 
or may net include displays. The password generation data repository may be 

25 implemented using any well-known Technique for implementing a database or 
any other type of data repository. Although shown a: a separate facility, one 
skilled in the art will veeogrn^ that the data repository may be incorporated as a 
component of me computer sy.-.ten. :nat n used to iui|>k^ net .r rhe licensing and 
purchasing hiCKer. Further, * .riled m ihe art v.-dl alio /ecognize that a 
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variety of architectures are possible and can be used 10 ivapiement exemplary 
embodiments of the DCS server. 

Figure 6 is an example flow diagram of the steps performed to 
generate the components of the DCS client. In an exemplary embodiment, these 
5 steps are performed by a utility program referred to as the SAFEmaker utility. 
The SAFEmaker utility is responsible for generating the downloadable 
'components that correspond tc m r:cm to be supplied as online merchandise. In 
addition, ihe utility gsner&ies s secured covitent file taac can er.Iy he processed 
when access is gmntzd. This capability is referred to as making the file "SAFE" 

10 (hence, the SAFE-prefix in 0:e remponent names), flaking a content file 
"SAFE" implies that security code and licensing code ave incorporated into the 
content file (or content player, r.i :hc case of digital content th* t is not a computer 
program) to ensure that the orM'iz merchandise is ui:u>le ordy ivher> proper 
licensing has been performed. T/pu ally, this process hvulve> sncrypting some 

15 portion of the content flic, L\^:\yt components gentled " 3 the SAFEmaker 
utility are stored c\\ "lie contei:*; =up£lier server {e.g., content supplier sender 306 
in Figure 3) and are downleads- *.l in response to icquest:: hova the virtual store 
front and. Other compcneatG iiva stored on the vivx u stcro, which may be 
located on a different covriputcr ^s^rn fium the coiucrA supplier server. The 

20 SAFEmaker utility also update^ ±e password generavi . dab repository of the 
DCS server with mcrcha-idisc-s; i-ci?:;. information. 

Specifically, in .u.p ^01, the utility x-o.*tzi licensing and 
secuiity code into the supplier specific electronic coru^. 0 ./tvicm player. As 
described above, an exemplar, a^cdimeni incorporate Licking and security 

25 code, according tc the Leelmiqi.^s do£.w;ibeci in the relied U.S. relent Application 
Serial No. 08/7^2,719. erdtic:! ''Mcihod and System fo t Ljecu^g New Cede into 
Existing Application Code/' ^; January 29, 1997 jy calling routines of 
an API as appropriate wL ]■ ;, cuntenl playu is nttdi.i). One skilled in the 
art, however, v/ : <i recognize ihu ;> .echmque for cnai.Tu;; L S proper licensing 

30 code gets execried when the ^r.^nt is processed <~.d ft.; encrypting (and 
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subsequently decrypting) the center^ file will operate wilk ;r: f bodiment$ of the 
present invention. In step 502, "he vt'lity produces one o:* rr?.orr j files that contain 
the (partially or fully) encrypted content In step 603 the utility produces an 
encrypted DCS security information flle(s), which cerium information that is 

5 used, for example, to decrypt "he or ient and to prodvc- a proper license. The 
contents of an encrypted DCS ^ecu ity information file ?>re described in further 
detail below with reference t » ""able 1. In step 6Gv the utility creates a 
component list file (an ".sic" jVi) jrid a download file for tki : particular online 
merchandise. Specifically, ir. a: ^.K-cdii^ent that sialic;*^ ^cm-rates download 

10 files, a self-extraethig hutalh.cn ale is generated (<Le download file), which 
contains :he component list ilhi ".sac" 9 file) specific ic the merchandise and 
the executable boot program. A,? described above, -h; do*v: load file, which 
conxains the executable boot \ i ->gv^n and the compCiiui. lis'*, i 1 typically stored 
on the viitual store zornputer :ys:t:/'i. The sxecutalv*; bout progiam uses the 

15 component lisl file to dc^nnh • ;ompoaenti to ci:-v/nio i i:cd to download 
them when partkular elytron;;: requested. A.. sample component list 

file is described fuither belou ' vith ■..•..lerence to Table 2. ki 505, the utility 
stores the download file on tk: \haial store computei y^xn. ( : j., virtual store 
304 in Figure 3). When imte.&.c 'ii:.; iowiilcad fl.es are dy-ia/uic illy generated by 

20 the virtual store whsn needed oi c. .articular WEE p^v, then in stepi 604 and 
605, the utility creates arid soH.rs CiW the comporierrt Ihi ills. In step 606, the 
utility stores the oth^r cor^poiAL .its of the DCS cheat, .^r..ple, the encrypted 
content and DCS Lecu^'Ly iu^;^.....- files, die liceLh^ -de, and the user 
interface library on the cun;cn;; supplier seiver &yuLo:n content supplier 

25 server 306 in Figaro 2). In s^p it 7, the utility updaiei, viii pas-, rord generation 
data repociitcty {e.g., password ^Laakon database 2>J] n: l\gure3) with the 
merchandise-specific licencing iiLoiiiauon, for wtaij.^.-e, fields used to 
generate the licence parameter of u >alid electronic .--ei.se _ernf:caie, and then 
retains. An example pas^cii- gtne.'aioL data veposkv:y i£; uibeussed ki fuither 

30 detail with reference tc Tables .j, m, ;:.nd 5. One skilloc \n lh> ait will recognize 
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that the generation of these components and the password 'feneration data may be 
performed at different times and by separate utilities. 



Field Name; 



Ty pe: 



CommerceSen-er 

ProductSkuId 

ProductUUID 

UILibName 

EntryPoint 

ImageBase 

Etey 

Ecode 

DaiaSize 

NumberRelocations 
Relocations 

Contact -OTnp ;?rt J 
Ccfiiac-tAddr&us 
Contaci'SirpportFhoni 
ConiactSupportFax 
Contacts irppoifiZmail 
ComactG;derP]r>ne 
Con tac iO rderF? ix 
Cor. tac tOrder? .nz.il 
ProductName 
1.1 ecu set ncnaiij ; 
Li eenseAdnvir L 7. 
Developed d 
Se;:reiKe;/ 
Acti"virAssis'iai*LS 
Fe til Li rs j uZl vc 
FeacureN unibt.r 
Hos vldTy p cL\ i i 
Integra ii 0/1T yp i 



String 

String 

String 

String 

Integer 

Integer 

Strhjr 

BinaryObject 

Integer 

Integer 

String 

Strive 

Suing 

Sto^ 

Svrir.g 

Siring 
Siring 

String 

String 
Siring 

JVcriv:.^ 

Eir^yOhjcr- 

integer 

Siv*;i 6 

integer 

Swing 

integer 



\ able 1 

Table- • is an ?*"xr/>k Hst of Selds that may be included in an 
encrypted DCS security infbnnatioo file. For each encrypted content file (or set 

5 of files), the supplier provides :.'bict; that are usee, b> a ; o1:uui. store to download, 
license, and purchase the associated electronic content. The data in the encrypted 
DCS security information fite : s encrypted separately Fom the content file to 
enable multiple items of rr.erciirtdise to share purchasing, licensing, and 
decryption information. Th.'^ capability is especially useful v r hen the items are 

10 provided by the rjame confer ;y yuppicr server. Thu.":, a single encrypted DCS 
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security information file ma)' be associated with more than one tncrypted content 
file. In addition, each field in the DCS security information file is encrypted 
separately. By separately encrypting each field, purchasing or licensing 
information can he changed vithoiit having to re-encry:* the content file or the 

5 rest of the DCS security information file. 

Specifically, in Table ? the CommerceServer field indicates the 
location of the licensing and purcl- asing broker (e.g., the network address of 
licensing and purchasing hrohm in Figure 3) 1.-: m rn^d to license and 
purchase the merchandise*. ^roodiments of im: secum digital commerce 

10 system, one or mere convene suppliers, licensing anc purchasing brokers, or 
paymsm processing functions, mt+y be utilized.) The -'''odactSKUId field is a 
specific identifier associated mih v vr msion (each executable) of a product for a 
specific reseller (virtual state), for die pmposes cf example, exemplary 
embodiments assume that a pmdm:; may have multiple /ersiens and that each 

15 version inay be packaged di£s:tnLy depending upon ur purchasing option (for 
example, trial use versus full ^arc^ssj. In addition, mme th&n one reseller may 
offer a version of a product. The: PxoductSKUId fkm h used to identify a 
password configuration table lO be used to generate m electronic license 
certificate and is discussed fu:<'ber tulow. The Product TJII) field is a specific 

20 identifier associated with each vershm of a product regaidless of the reseller. By 
using an identifier that ii specific m the produce version and not to the reseller, 
the digital commerce system cm* m^me that l cuslunm * /..c Ixuises a version of 
a product for (one time) trial i ^: ma j not utilize multiple ;eselleis to obtain more 
than one ELC for the same versic.;. In addition, this iuendfer is used by the 

25 licensing code to locate the a.^ouuted DCS securhy information file and is 
associated with various license-specific information. ?oi- example, clock data 
can be sieved in a system regoay indexed by Pvuducm CiD to ensure that "time- 
bomb" protected content is ueibated by rescuing ui3 clock to illegitimately 
process the content. The UL.jb/mnc indicates me Itmmmn ;u a user interface 

30 library to be used for purcha^mg me merchandise, im Enti^?oint, IrnageBase, 
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EKey, ECode r DataSize, Nuir:bvrR^: ^cations, and Relocc^ons fields are used to 
support the decryption of the encrypted content fi3e(>) and to determine the 
relocation information when the cor tent file is secured using ihe technology of 
related U.S. Patent Application Serial No. 08/792,719. I f an alternative licensing 

5 and encryption scheme is used *hen these fields would be modified accordingly. 
The ContactCompany, ContactAddress, ContactSupportPhone, 
ContactSupportFax, Co:atactSnpportEmail, CcntactOrderPhone, 

CcntacvOrdcrFax, ai.d Couu^:xvd. :rEv.:.ai?. fields rrTa-: supplier dependent 
information that can he dh>j:h;.\,e<- in cialogs preset?, d by the virtual store 

10 depending on the user interface being employed. The DeveloperlD and 
SecretKey fields are used to cmfe s. symmetric xey to dzz^c the electronic 
license certificate generated hy Iik ] sensing and purchasing broker. The other 
fields are used for other similar hcea^hig and piu chasing functions. 



^Execute 

TRIGGER ; ~- i, -yrogTaaiFiiesDir>\wmzip\)A'inzip32.exe/ i 

1 JRJ • - tr . r + t - » • V v /s *rv er/prc d uc r/* ^jr ::':.??. ; r 1 t> .? rr setup, ex e !I 

MSGDIG - ''NDLsrKcS36YbugITP4yUjv8PSfk--= M 

ProducJJUID ==■ r v. ^Zl.-dsmo-OOCO' 

NAME = "WinZip 6.2" 

DESCRIPTION = "YvinZip 0.2" 

LOCAL - "<?t-v3T£ MFilesDir-Avfiar^^^sc^ir.^xe""- 

i aole 2 



15 



Table 2 is an owmi.z- of tne content of a : ;v;igie entry in a 
component list file. In an exiw.uiar/ embodiment, each icon m the virtual store 

20 that corresponds to an item inaL can be purchased and distributed online is 
associated with a component da?, liie (an .ssc file). Within each component list 
file there is an entry similar to tnat snown in Table 2 tor each component that is 
to be downloaded when the associate" .1 item is requested. For example, if there is 
an item-specific encrypted DCS security information file and an item-specific 

25 user interface library that are ,;, b:; ccAvnlcaded 10 purchase the requested item, 
then there are entries for each ; o:h eomponem. 
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Each entry eonUlrj ; ;i tag that specifies hoy/ to process the 
component when it is download and sufficient infonmiion to download a 
component if the file indicated by the TRIGGER field is not already present on 
the customer computer system Specifically, the tag (in this example "Execute") 

5 specifies what to do with the component referred to by the LOCAL field once it 
is downloaded. An "Execute" tag specifies that the component referred to by the 
LOCAL field {e.g., "setup.exe") will always be executed. A "Component" tag 
specifies that the component re fin jo U? by the LOCAL ibid i* to be downloaded 
with no further processing. Al f E.vt;cuS:eOncfc' ,? Itg sper:Ff s tliat the component 

10 refeirsd to by the LOCAL field .g to he executed only if the file referred to by the 
TRIGGER field does not airs&dy sjust. The TRIGGER fie! 3 of each entry 
indicates the location of a file that is present when the component does not need 
to be downloaded. Thus, the TRIGGER field is used to de^rmine whether to 
download a component. The U?J field indicates die location of a content 

15 supplier server .hat can provide di:; component. In aocn-.icu, ihz MSGDIG field 
contains 3. meat age digest, \vL*ei L ujed to de^rmk: u-js jia-*i the component 
has been successfully loaded. Use, of the message dL,es: is ee^Lbed in further 
detail below v/ith respect vj FUure 8. The fvciueLUUIT:, NAME, and 
DESCRIPTION fields indicate ;-Je:i;ifyhg infomaticr: -.ir,ed by the licensing 

20 code. When present, ihese Se.ds i.t iypicaHy store a in a :v^em registry and 
used by the licensing code to deteu;ime which DCS security information file to 
use ibr a particular content fill., hi audition, the ;*CAluL l^a ;;iay be displayed 
by the boot program exeeutaL U i,o ^ve user ieedlack ^^uh.g ihe component 
currently being- dcv/nlo^eeo. Uh/- LOCAL field iiiJica: e., ia^U location for the 

25 downloaded component en die ..:u::to ;.er computer sys.e^i.. 

Figures 7-13 dc^erLe l\ further detail the jtepi performed by the 
secure digital commerce sysuvr. *o ptrfoim xhe licensing avid purchasing process 
presented in Figure 4. One akhtau m "hi will iceQg./.,2e t\dn Cuzsz steps can be 
performed in c:ner orders e^.- ^ dUlUtnt conrpeuu ^ than those presented 

30 herein. As a p tlixmnury iflu-ii, customer L:sl naw.aUa :o a vht^l store 
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WEB page in order to request an iter i for purchase. Figure 7 is an example WEB 
page of a virtual store used to p irclaase electronic data, wnich is executing on a 
customer computer system. (Display of this WEB page corresponds to step 401 
in Figure 4.) WEB page 701 contain*: an icon 702, which, when selected, causes 

5 the "WinZip 6,2" product to be licensed and optionally purchased. Text area 703 
contains descriptive text to aid a customer in making a decision to license or buy 
the WinZip 6.2 product. Pushbuttons 704 enable ihe user to explore other 
merchandise available for licence purchasing. 

When the customer requests an item of merim^niice to be licensed 

10 or purchased (for example, whr;i thr user selecis :coi\ 702 in r igure 7). then the 
virtual store downloads and potuntialiy initiates the execution of a boot program 
associated with the requested nvf,!ohandise (see step 403 in Figure 4). 
Specifically, each merchandise icon is linked (anchored) to a merchandise- 
specific download nle, which is l file stored on (or generated by) the virtual 

15 store. l:i one laibodiriieut, dDWiIo-d file is c self-extracting file that 
contains: extraction code;, l .V A:\ tliai bdicafus iL-o oFUs& boot program 
which follows, ihe boot progn^ ^^.ferably conprs.^-: :■:'), a:*d the appropriate 
component list: file. The dov^k:^ vile ;un hi genera^d statfeuly using the 
SAFErnaker utility described .beve or can be gene:ulud dynamically by the 

20 virtual store when it downloads a WEB page that include:, the icon that is 
anchored to the download flk. Vvhe;i the customer sc/.tc.s merchandise icon, 
the customer is qutded wiivL:: j cio nn\oj.d and sion: do >nx-ad and execute 
the anchor file (.hdicated oy rh. When ihi use: i; : : : 1 at the download 

file is to be executed, ihs txufA/.y.n ;<,de of the dcn^w ji\ fie ij :.xecuiad, which 

25 causes ias component list (ne . v file) tj be 5xtr£c'.ui and ;/ s boot program 
executable to be (potentially de. ::vip..r.s3ed,) extra^d ..;.d executed. One skilled 
in Una an will recognize that u:iy r^jbanism for associating an >:on with a boot 
program and for causing £x booi j-./ograin to be do* 1 beaded and executed is 
operable with thv secure digita' ;>ysif3i. 
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Figure 8 is an exj/r/ple few diagram of fLe steps performed by a 
boot program executed on a f ;s..or,ier computer sys'^sa *io download client 
components when licensing a ^eJ^c^ed item of rnercraridkc. (These steps 
correspond to steps 404-405 in fi^me 4.) The boot program is implemented such 
that it downloads only the components that are necessary to license (and 
optionally purchase) the selected iver;i. For example, if the; user interface library 
to be used to purchase the selected item is the same library as one already 
downloaded, thtui ii is no: dew. i^vi-si again. In addkhe. tlv: boot program can 
recover from a failure during .;c ':ad process and era resume downloading 
where it left off The boot p:o£.ri.:^ accomplishes fch-sr oh, stives by using a 
message digest algorithm to d^nnine whether a jomp::aenr has been 
successfully downloaded onto a cdi;.; >aier computer system. 

Specifically, in sup iiu u the boot program r ads the component list 
(the u .ssc" file) associated will the selected item cf ' ; :^:;chandke to determine 
what component to download . r,:i.t j spc^fied ccnturl i^ppher server. In steps 
802-808, the boo;: p:ogram ex^o lies loop to process Ca. r le^'iimng component 
in the component list that Lr; /> already been ;^;:esidally downloaded. 
Specifically, in step 802, the boo. pi-ogram select .:he ^e;;t carircnent from the 
component list that appears fcho.vit..^ die last successful iy read component. In 
step 803, the boot program de^r^in^s whether all of the ie^a.rdng components 
of the list have beer; processed, and if so, returns, eke rcmhues in step 804. In 
step 304, the boot, program i^ui-iines whether iLc "il*.- mdicaled by the 
TRIGGER field Is already ps.jcn.. if nc;, the be p^iam obtains the 
component ividioaied by the J:\ ,rdue from die go.^-j,; supplier server and 
stores the obtained component ui> indicated by the LOCAL '.ame (see Table 2). 
In step SO j, the ooot program c^uui^s a message digci, (die value of a one-way 
hash function) for the dow;iL;-i:..ai component, in i.k:p iOd, the determined 
message digest for tilt; m;\\t. ; - downloaded component is compared with a 
previously store J message dige.a. ... cornponcai li.Vi u-ja; '.-if, MSGDIG value 
in Table 2). In an exemplary C:\ CL.:i:/uent, an MB5 al^uJxfj, d used to calculate 
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a message digest. However, one skilled in the ail; will recognize that any 
message digest algorithm or any function capable of determining a predictable 
value for the downloaded componert for comparison to an already stored value 
may be used. The MD4 and MD5 algorithms are described in Bruce Schneier, 

5 Applied Cryptography, John Wiley & Sons, Inc., 1994., which is hereby 
incorporated by reference, In step 807, if the calculrted message digest is 
identical to the stored message diqssf, then the boot program continues in step 
80S, else centimes buck l::> the V«:r/iin£ of the loop "i. S''.y 302, because a 
failure has occurred in dow:>rv adh r the component In 3vo 808, the boot 

10 program sets an indicator of thr f successfully read ro:\npo:u i\t to indicate the 
component most recently load:: l ! \ step 809. the b::-:f program processes the 
component according to the \ig (eg : "Execute"), and ccr back to step 802 
to select the next component to d^v'ksul Note that tlv: teg associated with each 
component entry will automatic* -\. = -use the secured : ^uru filr* (or the content 

15 player, depend:: : b on the situatki;, j ^egiii executing 

Okc soiled in th:- l:1 ill recognize uidt Olrf^t: behaviors will 
occur when th~ contcni file (or ie;\* player) begins n 0 depending upon 

the technique used to incorpc. --c r «i iicens.ng code < ; dr^pfen (security) 
code arid depe idmg upen fn. ..:cryptio^/deet> pt:cn .eoh-Ljie used. For 

20 example, as described ;a furthsi in related U.S. ?*i ".c- .application Sexial 

No. 38/792,719. when uiihij, l ^cdun lecludqu;.. LirrLed therein, the 
execution of dv: encrypted c;>. ••, Iki ";/ui ai^iui'.i-j.vly «.r *se the licensing 
code and (eventually) the secuLty c. At to be execuai a;: a l ;--alt of injecting a 
licensing DLL uLo die car^.t . Specificdiy, ; 'TLL'VIaLi" routine is 

25 automatically Looked whin ::- "ia^itv; code libru/j* .:. Ic^sl, which in turn 
executes die acLuii licensing c : j. Ai">c: flii Lcei:si:i£ : :utcs, the security 

code stored in the. encrypted Ct.-.to: t jiutomaticahy e;:c:- be:;; use it is inserted 
into the content file immedkiu..^ ft; 1 'owing (a iLAj. fr.i licensing code. 
Thus, the lice^ing code av: 1 ^.ypdon cudc uvic\ Really executed 

30 before any supplier-specific , is executed, s-;. >:-\'cy code in an 
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exemplary embodiment decrypt?" ihe ^acrypted con : vk ^v^Ully in order to 
prevent a fully decrypted version ci'v": content to be p^seir in w entirety at any 
one time. A similar procedure is a::ed when the content player invokes the 
licensing and security code with m exception that the Hcersing stid security code 
is explicitly invoked and knows how to locate the conten; fib and to decrypt it 
incrementally. 

Figure 9 is an ex^ipk flow diagram of licensing code that has 
been incorporate^ into ar* encr u 1 :a \ x;teiu file. Z^uti- c <:jch \i .Incorporated in 
a content player by calling appvo_o:.;.te routines. TIL; Ycei^vg code will be 
discussed for purposes of example relative to an encrypt:* content file. In one 
exemplary embodiment, the licensing code is provided iv. i dynamic link library, 
sueh as SAFE.dll 511 in Figure 5. (The steps of Figure; 9 correspond to steps 
406-403 and 412 in Figure 4.) Lach time the encrypted content file is executed 
by the customer computer sysk. ; (L:^ licensing code h\ pr-'fc: SSiy automatically 
executed. The '"censing cocc \. x sensible for du:: \ix.ining vhether a valid 
electronic license, certificate i& uv*iij';.ble and, if so, cloning w* cecution of the 
content, otherwise forcing the e~ stomal to license the kar* iron .he supplier. 

Specifically, in s^: 901, the licensing cede determines whether a 
valid electronic license ceitifiOai-j ("HLC") is available. Tne s^tps used to make 
this determination are discussed f:nhsr below with reference to f igure 11. If a 
valid ELC is available, then tic demising code eontnues I:. ^p 99? and skips 
the licensing and purchasing picoes. »;lse continues in iie,; ZZ'l. hi step 902, the 
licensing code leads the user inunLc^. library associate^ with tru component and 
obtains a purchase option from the easterner, sueh as "rent-lo-buy," "buy," or 
"try." The purchase options ^isis: m determining iht par^eters of a valid 
license. An example inteiface ior obtaining this irAbrmadon is described below 
with reference to Figure 10. Tlu needing code obtains *:he use* imerface library 
name by retrieving die UILibKur.x r<cld from xht Z-C'A ue.^ riiy information file 
associated with tne produc;. Th.; x>± : ;iated DCS secui ..^ .n^/jnation file can be 
determined from the Productl^'jl.-, ,/hicL was prevkasiv Ujred hi the system 
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registry by the b;ot program cLing Lie component dovvuioa:'. process, in step 
903, the licensing code determine whether the custome- ias indicated that a trial 
purchasing option is requested a ad. h so, continues in step 904, else continues in 
step 905. In step 904, the licensing code sends an HTTP request message to the 

5 licensing and purchasing broker (e.g., the licensing and purchasing broker 307 in 
Figure 3) to provide an appropriate license for trial use of the product, and 
continues in step 908. In step s O:i 5 the licensing code :V:ter.,imes whether the 
customer has indicated a pureed: $ option i:c puiclu.*;. Ac tcrient and, if so, 
continues in step 906, else coiui step 907. l:i step ?-C6 5 licensing code 

10 sends an HTTP request message to the licensing aid purchasing broker to 
purchase the content, and contuses in step 908. In step 907, J.^ licensing code 
determines whether any other r>pe of licensing or purchasing request has been 
indicated by thz customer and l;. "ids; an appropriate HTTP reqres*; message to the 
licensing and purchasing broke;*. F:-: example, othsr r-;;;;.er.; associated with 

15 rental use or ovhuT types of puzA. is" 4, options m^y be bup,.a ted The processing 
of these HTTP request rness.it t:s by the licensing ca6 purchasing broker is 
discussed further below with reject i<j Figure 12. In s':cp 90S, the licensing code 
receives a valid ELC from thj lie sailing and purchasing bt:oit<':\ stores it, and 
continues in step 909. The; ELC may be stored in any ar^a ;hat is accessible to 

20 processes exerutiag en the cjacirr.:: computer system, s^ch as in a system 
registry. In step 909, the iicer-s.^g r.cdc causes the deor^ Aic:. a^d execution of 
the licensed covr^nt, and reran a. 

In an exerr;p A <*. . at J >odiment, th*; !Ata^:..g code uses an 
intermediary library function ;,v^rt;L in, for example, die GAriiBuy.dil 509 in 

25 Figure 5) to send the purchasing toques* of siep COfi x 3 licensing and 
purchasing broker. A separate Avaiy is useful in ste^a-i^ v.iicre other types of 
programs (other tun virtual ste :jj d isire u utilize ihc. t Jicln.iAig capabilities of 
the licensing aui purchasing Aohc. . Hie library Adgv ir, orovides a unique 
transaction ideuifk: uai oa^.. jj used to identify die pa/acular purchase 

30 transaction at a further tun:, .u;; capability is aseiv.1, fc* example, to later 
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cancel the purchase. One skill ri v.e art will Ti-xogiii:^ > :>at ^rher organizations 
of the licensing avid purchasing.' r\:pf'"rt code are also p^r.sb'c. 

Figure 10 is an en .--*rrpb display screen presumed by a virtual store 
to determine whether a customer dec; ires to license a product for trial use or for 

5 purchase. This display screen i~.ay be used to implement step 902 in Figure 9. 
When the customer selects thf: "Try" pushbutton 1002 is: Figure 10, then the 
customer has indicated that trlJ use of the product :s desired. Alternatively, 
when the customer selects th * :f Bv/ : pushbutton 1003 ; r : .^ure 10, then the 
customer has indicated the doKi *\ • , archaic the pr,. a: o \ 

10 Figure 11 is an j:.nipic flow diagram of f\e ^..eps performed by 

licensing code to determine w.ei:htr a valid electrode iieens'ag certificate is 
available. In step 1101, me vsuieves, decrypt ii*d decodes the electronic 
licensing certificate (ELC) :: oo~a.a vhe parameter .n \ht license (e.g., the 
licence terms). The license pa_r. nrXvs that are obtained in step 1 101 indicate, for 

15 example, how many uses of a -uvular licence can jo e.x^.tr-:- . cr, for example, 
hov; rnany different user pa^ c-i*A -.re able ;o v^t ""h- ;.a;ne electronic license. 
In addition, liee/ise parameters ; ;a ;fleel an auih^izet Li; p-„ :ioi for use may 
be speciried. In step 1102, L;..c utde tests various at.ti.:-utei j? the customer 
computer system to determine .vh-ahor the conditions l^cicauid by the retrieved 

20 license parameters have been 'lid. in step 1103, if ai\ of :h< conditions have 
been met (for example, :he .::.;n.i ase period has net ,;\pheui, then the code 
returns indicating that a = is in effect. Cu.ciwis 1 ,. the cede returns 

indicating that die can-tin iiwui. i.j n /alid. 

In an sxempiaiy Oilmen:, the ELC :S euury -;,:u and decrypted 

25 using a symmetric key algorithm. A symmetric algorithm imphes that the same 
key is used lc encrypt a plaintc;a i^ssage and to deciypi a cipnertext message. 
Any symmetric key aigorinu.- cvxd be used. Syn uviotr. .: and public key 
cryptogiaphy, both cf wilier _ . utilized by exempjavj e .ilodiments of the 
present invention, are desvh. -L in derail in br,^; i'clmeier, Applied 

30 Cryptography, John Wviey & inc., 1994, which is herein incorporated by 
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reference. According to one technique, the DevelopenD and SecretKey fields 
(stored in the encrypted information file) are used to formulate a symmetric key, 
which is client and product specific. These fields are provided by the supplier 
when the SAFEmaker utility is executed to produce the components of the DCS 

5 client (see Figure 6). Because the encryption of the ELC is provided by the 
licensing and purchasing broker and the corresponding decryption of the ELC is 
provided by the licensing code, the encryption and decryption cede are preferably 
synchronized to correspond to .vie a- other. For this rersoa o separate dynamic 
link library (e.g., passgenJll) h ix^A by the licensing anr? purchasing broker to 

10 allow the encryption algorithm to be replaced eX an)' *imt to correspond to 
different licensing code. 

Figure 12 is an e^ fiph (low diagram of the st/'ps performed by a 
licensing and purchasing brckrr r»f tre secure digi'al ccr-n^ccr system. These 
steps are executed in response *r rec^vmg an KIT? request t:v ssage sent by the 

15 licensing code in step 904 or 9'. > h.- r^guro 9. As dcs;r"bwd tiixUT, the licensing 
and purchasing broker irr.sn. U ; :;h a passwed ^:;,c; r;i:a system (e.g., 
passgen.dll and he data iepo^';vr f ) and pajanent proce^hg tractions tc license 
and purchase ar. -"adicated item r,f ;-.r. -vchandise. In summary, the licensing 
and purchasing broker receive.. - ; r.t utst Lo buy an itorr. ;l '> "It :ns appropriate 

20 payment processing to pevfoirL a :hase. When ilk- lir jir:^ and purchasing 
broker receives either a request vo yr a request tc bvy vL*.i it rr t the broker uses 
the password generator; systcr... ic -v.tsiate an ELC lr r-jtv.v to the licensing 
code. 

Specifically, in . ;p 120k bicker J>;u- .Mir.es whether a buy 
25 request has been received ar^L i " ; ;i: 5 jontinues in step 1207, n'&c continues in step 
1206. In step 1102, the fcroL r -r& the licensing .orl: (=; ?;:5:al!y, the user 
interface library toutmes) exLcmh.g n\ ihz ensromu icr. puV!> system to obtain 
credit card or purchase order iw^-.i . ration if such uribt^ntiu; sot already 
sent with the reque-r:. A sanv .= Late* face for ub&Lu^.g ;n;lhod of payment 
30 information and for verifying ;.* z p^rcnase transaction air a; r.&ibed below with 
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reference to Figures 14-17. Ou :t Irs credit card or purchase cider information 
has been obtained by the licensing sad purchasing broker, then in step 1203 the 
broker obtains payment authorization from a payment processor such as the 
payment processing function 3d) n Figure 3 and informs the licensing code 

5 accordingly. Cne skilled in tie will recognize thzl sny mechanism for 
authorizing use of a credit card couid be used. In step 1204, the customer's 
credit card account is charged, auc ir; supplier system is automatically credited. 
One skilled in th^ an will rzcc tJ \uc ,'iat the licensing and puie!asing broker can 
either credit fne supplier dh.rtiy a; this thru: by tending, the appropriate 

10 information to the credit card company, or can have the credi, card company pay 
the licensing and purchasing bi.ker, which in rum is responsible for payment to 
the supplier. In step 1205, :Lu et^ker informs the I;c-;-;jin^ code of payment 
authorization and continues iu vw^ 1207. An example user interface for 
reporting the transaction identilios.ti xx information tc fee euixruer is described 

15 below v/ith reference to Figure . payment has ;;Ow oeta auu.orized, then the 
broker returns such in-formatc*. i:> ihe licensing code, disucn "hides execution of 
the steps ivi Figtre 12. and foils g-^orate a valid ELC. 

In step 12CG, the ;:;ol;er determines vwie.j.„e; It has received an 
HTTP request message ihat muicur^ trial use is desired an J, if so, continues in 

20 step 1207, else continues in s;tp V2 >9. hi step 1207, in order for the broker to 
generate an EL-C specific :r iiu. ...sev and to the indicated product, certain 
information is typically sent iv; u.e licensing code in me I-7iTr request message. 
Specifically, information that tmicu;>y identifies the user una -he product version 
is provided. The broker u.^; received prodac; /'ersion identifier (the 

25 ProductSKUId) to retrieve L^rr. ,\ version table a t;uir ^ponding password 
configuration identifier (pas^-L^nn^-id). Once the pasi -co rilg-id is retrieved 
from the version password gene ratio j data repository tacL ? this identifier is used 
as an index into a password co^fjgu ation table tc deter tmm: a set of fields to be 
used to generate the license raram^ers of the ELC. (Cne wiil recall that the 

30 fields stored in the pass vvor^ b rr^r^on tables were specifier by the supplier of 
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the content in conjunction with the HAFEmaker utility.) An example password 
configuration table is shown below as Table 3. A table with potentially different 
fields exists for each unique pass-config-id. Because multiple versions of 
products and multiple products may jse the same pass-eonfig-id, they may share 

5 a single password configuration tablft. This attribute may be useful, for example, 
if all the products from a particular supplier have similar electronic licensing 
capabilities. In step 1208. an ELC is generated based upon the fields of the 
determined password configuration t-ible using a symmetric key formulated from 
the SesrelXey and Developerl!" fields of the enetypicd information file and an 

10 appropriate encryption £Jgori£lrn, ar* discussed earlier For th-== purposes of this 
specification, the ELC may be v^ve*? as a very long air^e- vhk-h encrypts the 
license parameters indicted by the fields in the password ...or. fig-ration table. In 
an exemplary embodiment, ih: c-jis ..i&ed lO perform steps 1207- 120S is provided 
in a separate code module {eg . pr.ssgen.dii) so that the password generation 

15 code, including :he encryption t v^ d-iciypiion algor i/ir:^, "t.*< be easily replaced 
in a licensing and purchasing b:okei. 

In step 1209, t:.«; broker processes any o..h;r iyps of purchasing 
option fcr example, a rating r^ku, and geneialsi :m ^prj-opriate ELC in a 
similar fashion tc Steps 120 M 2 .v. lu ^tep L210, eh* T.nJ'tr v::ids t;ie generated 

20 ELC back to th& licensing cade ^ecutiag on die customer ccivipuver system, and 
then returns. 

On:e the Vi:eiic. .w, i :xi purchasing trcker hai completed its 
generation and retain oi a \>l;*C electronic license cerdficat3 5 the requested 
merchandise is then piocesseo ^ uc:*.,ribed in step 412 of Figure 4. Figure 13 is 
25 an example display screen cf tr.c vrnZip 6.2 program. v*hl:j: was selected for 
purchase in Figme 7, when it <r -.aut.i altei completing iiu, licrrring procedures. 

Figures 14* a7 p;c /■;!*. sample iser interne cispluy screens that 
are displayed by the licensing code (via the user vanillic; library) to retrieve 
method of payment mfoiriialLi:? Vhese display sckuis may be presented in 
30 response to request from heensing and purchaokg broker for more 
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information. The particular disp.ay screens presented are cextrmined by the user 
interface library that is associated with the downloaded content file or by a 
default user interface available x;>r ths virtual store (see e.g., SAFEUI.dll 508 in 
Figure 5). As mentioned, the appropriate user interface library is determined by 

5 the licensing code from the UILibNume field of the DCS security information 
file. Figure 14 is an example display screen for selecting a particular credit card. 
Figure 15 is an example dispLn screen for entering a password for a selected 
credit card.. The credit card c&:\ :s s».r-t to the licensing anc purchasing broker in 
encrypted form. In an exemplary embodiment, the credit card information is 

10 stored on the customer company sy.stem using a securs iecVmiue. One such 
technique is known as 4; wallet technology" Wallet lech:,:oxgy is an ActiveX 
control supplied oy Microsoft Crrp. ; which encrypts credit card information on a 
client's hard disk and k^ep<; ta k of ail credit cards, Figaxc 16 is an example 
display screen for adding a n. l -' cr Jiv caid. Figure 17 lv> an example display 

15 screen for allowing a customs ;o v-nfy an inter*; to puci^e after supplying a 
method of payment. The display scieen includes pricing information, which is 
supplied to the licensing code b , flv licensing and pui^r:.3ir..i linker using die 
password generation data rep:r.iU:iy. Once the user liui --elected the Buy 
pushbutton 1702 in Figure 17 ir.iicating agreement to purchase die merchandise 

20 at the displayed price, ihe card (or purchase: ordst) information is 

forwarded to the licking a t J. t;j ^ash.g broker. F : gi.;e ]£ is an example 
display screen kv indicating th;i: p.'ichas^ig Ir^Asact'an Kit) authorized by 
the licensing and purchasing t- s &r the paracuk:: ha:i jlz uoi; idcrjtixiev. 

Communications ier/. icn the DCS ;lie:;i izamp ononis and the 

25 licensing and purchasing in:ki: l:o preferably perid.tiiod '^vdg a secare 
communication xivsthodology. Figure 19 is an example b.ock diagram that 
illustrates one technique for .-^sj^.ig secure comm unicnVio * between a DCS 
client componeii: and a "iicen:>:..: :1 \:urciuismg trcke*. Alvxugh Figure 3 may 
imply that the downloaded v ;.a .plants ^omniuniaia, ;l\c licensing and 

30 purchasing bioLcv to requesu *;c. ting and parching imd tu receive the 
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generated ELC. one skilled in V ;v will recognize that i! h also possible for 
these components to communiea.e \ r \ a server associates 'v;\ the virtual store. 
In Figure 19, communication between the client componev. .ts (clients) 1901 and 
1902 and the licensing and purchasing broker 1903 depends upon secure key 

5 exchange. Secure key exchange is accomplished by sending a client-specific 
symmetric key using a public 'private key algorithm. The client-specific 
symmetric key is used solely tn communication between that client and the 
licensing and purchasing bio::.;. Specifically, a s;p.m : .3 communication 
session-specific symmetric /.cy . : provided by c:.:n clbnt for each 

10 communication s -ssion and is jeni tc .he licensing and pvccixs'n^ broker 1903 in 
a session initiation message using th: broker's public key. On-s technique for 
distributing and obtaining the ri'cke/s public key is to ul ; a commercially 
available digital signature service, i&Sli as Verisign. Laause -'.he b/oker 1903 is 
the only process that knov/s its :.\vi: private key, the looker "503 decrypts the 

15 session initiation .nessagc using lis pv .vaie key a::\c. rettic j Ihe diet's session- 
specific symmetric key. Ther^ier, all messages from A\j c-rckcr 1903 to the 
client 1 901 are encrypted by th~ 1901 using l.Ucu. l^'OTs symmetric 

key. Client 1901 is then able to Jticr.pt a /eceived mej£.;.fe'j the vyiiuTietric 
key the* i: initially generated and aon: to the broker 190.";. Cl^n: 1901 encrypts 

20 messages to send :>o vhe broke* *:9jJ also using client 1901 s symmetric key. 
Similarly, the client '1902 send? '..s cm encrypted symmev/k kty to broker 1903 
using the broker \; public key. ne ;roker ;9C3 in ,di.i cea:. Au/n^es with the 
client 1902 using the cheni-s^ ^.ix ^ynnneuic key il'ic*. coats ponds to client 
1902. 

25 One skilled in ±i av.. win recognize i\r.x ^/ Cgon±::^ for 

generating a symmetric key vmj \i udlizcd. One skilled L\ the art will also 
recognize that any symmetric .r/ptoyaphic aigoritnm t;^; uLLzes a syinrnetric 
key may be used. :o encrypt am d^r/pt vhe messages, i'o:: sample, the DES 
algorithm, which is describee l: c anil in the Schueio* icfei.encc 5 could be 

30 utilhec. in an s> ^mplary embi.^.me. vhe RCj algorithm, *'Lla a a proprietary 
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symmetric key algorithm available £ rn RSA Data Security. : ic, is utilized. In 
addition, any cryptographic algc'thm that uses publiVpri"va*e prnrs of keys may 
be utilized to implement the technique described with reference to Figure 19. In 
an exemplary embodiment, the public /private key pairs are generating according 

5 to the RSA publi o-key algorithm. This algorithm is described in further detail in 
the Schneier reference. 

Figure 20 is an example encrypted message data structure for 
sending encvypti-. d messages lr-. /ct , a DCS client 0^4; one*;?; and a licensing 
and purchasing broker Plaii::'-;;t message 2001 u; »v^;>pp; d as specified in 

10 Figure 19 and scored according to die layout of cipher text message 2002. 
Ciphertext message 2002 contains c. message digest 2003 and an encrypted 
symmetric key 2004, which has> jsen encrypted asing licensing and 
purchasing broker's public key. In addition, field 2005 contains the message 
content, which has been e^cr/ot^d ..sing ihe symmetric kev that is .sent in 

15 encrypted form I.: field 2004. 

Tables 3-5 are ^;..\pl. password gen^aLr: :. : :..c.v stored in the 
pass word geriei irion data report:,..}, which is ased by die licensing and 
purchasing broker to generate eic;^o/ic license certificates, 
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Passwc i d-Confi puration Table 



Field 


Type 


pass-conng-ia 


Varchar 


pas sword- version 


mi 


secret-key 


Varchar 


developer-id 


Varchar 


expire-password-in 


Varchar 


start-date 


Varchar 


pasf;word-outpiU-scher*±e 


mt 


developer-info 




concurrent-code 


mt 


Licenses 


int 


soft- licenses 


lilt 


program-executions 


mt 


flex-nodelock-machines 


Int 


m aximum-usernames; 


Int 


release-number 


Int 


min or-reiease-number 


Int 


hostid-type 


Int 


misc-infb 


Int 


min-hostids 


Int 


max-hostids 


Int 


»ns.ur.ces 


Im 


emergency-id 


Varchar 


feature-type 


Inx 


feature -list 


Varchar 



Table 3 

Tabic 3 is an example password ccMifir oration table. As described 
5 earlier, a separate password configuration table is provided for each password 
configuration identifier (pass-cenfig-id). There is a version table in the data 
repository for translating between a retailer specific product version identifier 
(the ProductSKUId) and a corresponding password configuration identifier. The 
fields are used to generate the license parameters for an ELC that corresponds to 
10 the determined password configuration identifier. One skilled in the art will 
recognize that any fields caul: be r.;>red in th, : ; p'^-'^cvi configuration table. 
Further, any algorithm for combining the fields in a dtaenviiable fashion to 
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encrypt them into a single code that can be decrypted without losing information 
could be utilized to generate the ELC. 

Gene rated - Passwords Tab le 

Field Type 

pass-config-id Varchar 

user-id Varchar 

generati on - type hit 

date-generated daletirae 

pas sword Va rclrjs 

I able 4 

Table 4 is an example <*.bie of the actual passwords generated for a 
5 particular password configuration identifier (pass-cotifff-id). One of these tables 
exists for each password configuration identifier. Further, both normal 
passwords and emergency passwords (discussed below) are stored in this table. 
User identification information h als ; » included for each generic! password. 

10 Emer gency -Password Table 



Field 




er '^rtencv-id 


Vcrchar 


user-id 


Varchar 


puss- ^oiifig-id 


"V*aicfii:.r 


~t?'~t-hour 


Tnt 


end-hour 


Int 


j'U' l-minute 


Jut 


end-minute 


Int 


star l-day-n limb er 


Int 


end-day-number 


Int 


r.t^. "t-date 


Tnt 


end-date 


Ini 


steU*l.-inonth 


Int 


end-montb 


Int 


start-year 


Int 


en.i-year 


.tnt 


st:rt- week-number 


(nt 


end-week number 


hit 



Table 5 
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Table 5 is an example emergency password table. An emergency 
password table is used by the licensing and purchasing broker to generate an 
emergency password when a customer has for some reason lost a valid ELC (and 

5 potentially the merchandise), but has been previously authorized to use the 
merchandise. Emergency passwords are particularly useful in a scenario where 
the customer is unable to reach the supplier of the merchandise using available 
contact information. For example, if the customer's hard disk is destroyed during 
a weekend, it is useful tc be ab;e to »'=-generate a valid ELC and potentially re- 

10 download :he merchandise tc allow the customer to continue to utilize an already 
purchased product. 

Mere specifically, the virtual store supports the creation of software 
on a removable medium, such as a floppy disk, which can be used to recreate the 
merchandise. When the customer's .system hard disk fails, a= part of recreating 

15 the system, the customer runs a ■nerchandise recovery program from the 
removable disk. The- recovery program h^ previously stored :he boot programs 
and the component lists associated with die merchandise already purchased so 
that the relevan: files can be resurrected. In addition, the recovery program 
attempts to create a new ELC -ismg the normal password configuration table 

20 (e.g., Table 1). However, if tlii- neldi stored Li the nemsal password 
configuration telle do not allcv* for C\e cieaiiun of a ne w ELC for that user (for 
example, the number of uset; remaking ^ 0), then an emerge-iiey, ternporaiy 
password is generated. The f\\A£.i .J town in Table Z a;e used to generate the 
emergency ELC when the normal password generalicr. table will not allow for 

25 the generation cf an additional ELC. In that cas^, an ELC! m generated that 
expires within ti ceitaiii amount cf lime, for example 24 hours., io ensure that the 
customer calls the supplier's cu^toir.s': service numbei as sooit as possible. The 
fields of the en^gency password table are combined to gens'ate an (encrypted) 
ELC in the sa^e manner di:s.:if;e/, with reference io Table 3. Emergency 
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passwords once generated are slso c- tared in entries in the generated password 
table, Table 4. 

The description thus far has primarily referred to use of the 
components of the client portion of the secure digital commerce system by a 
5 virtual store. One skilled in the art will recognize thai many alternative 
configurations are possible. " : cr example, a standalone online purchasing 
application can be used to execu^: the components of the DCS client to 
communicate directly to a lictMfi^ vid purchasing broker io request and receive 
electronic licensing certificates, In addition, one skilled in the art will recognize 

10 that the separate components of the DCS client ar.d the DCS server enable each 
componeni to be separately replaceable and separately custont'xed. For example, 
to generate a customized virtual store, a specialized user interface for licensing 
and purchasing merchandise ca \ be generated and starsd as 'Sis user interface 
component (e.g., SAFEULdll 5CS in Figure 5) on the eust:mt computer system. 

15 Further, one skilled in die arL x. ognLie that Lit hccAslng cede incorporated 
into the encrypted content (or couterl player) can be repkeed iz, its entirety and 
can be made supplier specific, in addition, the code ased io gen^aie ELCs from 
the password generation d^a repository caa be optimized to be supplier specific. 
Further, all of the functions of the DCS server can oc provid^c as licensing and 

20 purchasing administrative fW.cads (for exumpis, viz an applications 
programming interface) to enable co .tent suppliers to furniih -heir own licensing 
and purchasing chokers. 

Tin secure digital con terce system can abo be utilized to support 

a combination uf transactions pe;:a.:ihig to the onlu.3 delivery of goods with 

25 transactions pei^arvitig to phyiicady deliverable goods aao services, For 
example, along with the purchase of the WinZip t.2 conquer program, the 
virtual stove ma> offer merchants.:,, *c tch as mugs, "-shirts, aivd bags, and even 
support service packages that cu.met ce delivered onlm^. In .nese instances, the 
licensing and purchasing broker u additionally responsible for classifying 

30 received request into online oeiwerabies (ESC itcu:s, and into physical 
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deliverables (nor; -ESD items) *?A is :esponsible fo.-: onbtiig and purchasing the 
non-ESD items. 

Fig ire 21 is an exanroie flow diagram of the additional steps 
performed by a licensing and purchasing broker of the securf digital commerce 

5 system to support non-ESD transactions. In step 2102, ;Iu licensing and 
purchasing broker selects the miix item of merchandise requested starting with 
the first. Figure 21 assumes tha, eaci\ HTTP request may request more than one 
item of merchan dise. For e;;a;;>jk, a ~ser interface libruiy rn.iy offer additional 
non-ESD merchandise, which etui be purchased at the same time that a customer 

10 purchases an ESD item. The user ; Kerface library ^enerav^G and sends to ihe 
licensing and purchasing broke i in FIT TP request, which request; the purchase of 
multiple items of merchandise. For .ach item in die puucfliasc request, in steps 
2103-2110, the broker process il. ^ item in accordance with an indicated 
purchasing option for the item. 

15 Specifically, in slCj> 21 *;2, the broker diL-nwin^ -;vae;her theri; are 

more items remaining to be processed for ihe request and, if so, continues in step 
2103, else finishes processing. In sr;. y 21C3, the lieemmg and purchasing broker 
determines whether the item is a .. LLo item or a non-ESD itei-.r. 0.n« mechanism 
used to determine vvheiher -die r: an ESD or a nui- ::ST rem is to store a 

20 flag in the version table in th: oas^vord generation r^pjuitory. For each 
purchasable item (FrcdactSkuIri), the version table stores either a password 
configuration identifier or a dis jui-. r irifcimaiich iouai.ucr. in fitsp 21G4, if the 
item is an ESD item, the*! ike dicker continues in sup 21Gc, els^ continues in 
step 2106. In step 2105, the broku ■ Aec-Utes the s:epr previously discussed with 

25 reference to Figuie 12 for itei-ii ':us, are deliverable oaiue. step 2106, the 
broker determines distributor contact infoimation for iit nor.-Z3D item from a 
distributor information table rairec within a daia repository. The distributor 
information table for non-ESD transactions can be stored along with the 
password gener^ion tables in . u-: p^sv/ord generation o;*u lepjsilory or m its 

30 own dati: repository. The disuihiu^r infoimation sioied iv* the tabic includes 
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sufficient location information for contacting a distributer from whom the item 
can be purchased using an electronic request. In step 2107, the broker obtains 
preauthorization information for a method of payment specified by the customer. 
It is assumed in this step that such information has been already obtained. If 

5 necessary, however, the broker sends appropriate requests to the code that 
initiated the purchase request (for example, the user interface library) to obtain 
method of payment information from the user and to continue accordingly, 
reauthorization is xiicessitated % > nra-ESD purchases, v/:*kb squire a shipment 
date befors the broker is able to crarge the purchase io a customer's credit card. 

10 The p reauthorization is performed 1 y the payment piece isinr- function (e.g., the 
payment processing function 309 io figure 3). b. step 21C1L ir the purchase is 
preauthorized, thsn the broket com' ;ues in step 21C9. - eundnues in step 
21 1C. In step 2109, the broker 3en-5 : a purchase order iv ths located distributor 
for the merchandise using a v ^U-k'iOwn Electronic Data I; change ("EDI") 

15 format and ^oinrnereia] ED V pro:- -.zts, such as iho;,; p raided by Digital 
Corporation. One skillcc in r.e *::■'. will recognize that <?ny mechanism that 
aliovs infcrnia'iior. for zAavi: • nr )ly providing a pi; ::ha: . <:rdrr wovdd be 
operable with v/ie licensing p-;:. .basing broken In sLp 2; <0, the broker 
returns the result of the prc-z^-bori; rtion £.;temfi to v;u .rzc.ie^xg routine, and 

20 then returns to the beginning o " -he \ • >p x step 2 1 C I . 

Tc complete the pun it using transaction for a r :.;»E3D item, the 
licensing and pmch^sing bzoker iv:i i until it is inlbi.;u--i 1: distributor that 
the distributor v/ill fulfill ;he rt. .i^.'-d purchase orrie* ^l:.lp 'h:, merchandise) on 
a particular d;-:t; At that vima. h;.- <loeijS A :ig p;.) ;L.. ..i;; 0 jro^er contacts the 

25 payout processing function i\> je the purcha;,iii e ir&.:iu.-'"ci' :o the customer 
and to credit the distributer. 

C r ;..i: skilled in i,., wili recognize that odier variations for 
processing ESD arid non«ESD I uijihv. lions would also op xziv. v ith the licensing 
and purchasing broker. ¥oi ^r-; np'1 nstc^d of the ul^v . .m:r."-...c library offering 

30 related non-ESI) raercjrandisc., : :e v 12B piges of th: /iruuw r .ct.i may offer both 
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ESD and non-ESD items for purchase. In this scenario, a graphical icon (or 
similar object) associated with each non-ESD item available for purchase is 
displayed in addition to icons for ESD items. However, unlike the icons 
associated with ESD items, these icons are not linked to a download file that 
causes components to be downloaded, because online delivery is not possible. 
Instead, other virtual store code is linked to the non-ESD icons, which uses the 
purchasing library routines to se id purchasing requests for non-ESD items to the 
licensing and purchasing broker. 

U.S. Provisional Application No. 60/0<-S,344, w:Med "A Method 
and System of Securely tncojjor?;: h'g Digital Iraoirr-atior: urv Electronic 
Store," fikd or. June 17, 1997, ii Lar-hy incorporated by reference in its entirety 
and International Application No. FCT/US98/01S45 filed January 29, 1993, 
entitled "Method and System for Inj'rvting New Cod;, In*o Rusting Application 
Cede/' is also haohy imxnpcraTifd by veference in its entirety. 

Although specific ei^h: dm^nls of; and ^v^p 7 -^ to;-, the present 
invention are described herein .;:r i;.r •. Lrauve purpose, it is k; < tended that -the 
invention be linked to these !vhc;!inu,YCo. Equivafonv jv^ifcds, structures, 
processes, steps, and ovh^r iiiodinc-jtions within the spur! of ihe invention fall 
within the scope cf the invention. F;, example, the teaeivng:; provided herein of 
the present invention can ..pp'iisd to other clisr.c/serv^r architectures, not 
necessarily the exemplary Internet h^ed, HTTP model described above. These 
and other change rn^y be -aiwl" u e invention \u ligh: of h>- above detailed 
description. Atcoiuhigly, ihe avr. Ion h not: liuiiv-a by 'hv disclosure, hut 
instead the scopi :*fthe present iiis- r;ior. is to c=. de^ruiutd :y the following 
claims. 
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1 1. A computer network system for impietrrntk-g digital commerce 

2 comprising: 

3 a client portion compris::";? online purchasing code for selecting 

4 electronic data to be licensed and feinsr^ted online and comprising a plurality of 

5 components that are provided by t suprlier server compute:- system, wherein the 

6 components are downloaded via the crJ'ns purchasing code to a client computer 

7 system in response to the selection of electronic data to be licensed, the components 

8 including the selected electronic dr/.a v ,4 .h vA least a pot'::;:. cv° the data being 

9 encrypted: and 

10 a licensing and puRh-v:^: ■■erv.r -portion ih:. v :rc r !c'cs electronic 

11 licensing certificate in -response to a r :pv. , vxorr. a downloaded component to license 

12 the selected electronic data, v/heiein, the t elected elixircr ic d.i^ is processed on 

13 the client computer sysiem, it ic dec*} j.*:d i nly upon deienrL: v^on of existence of the 

14 electronic licensing certificate generated ■' die licensing a:.d purchasing server. 

1 2. The system of :k:r- 1 wherein the plurality of components 

2 includes encrypted di^itd content, j : ; ■. < ; .one ing encrypted £<;o:;; ; 'y information f:le 

3 that provides licensing and decrypdo/ d;>... and a licensing :c : iw.irJe thai: requests 

4 licensing from the licensing ar;d par: "^;:1 g sei vcr portio:, wl^n 1 f-neiypted digital 

5 content is processed. 



1 3. The system of .j.l.t: ' wherein the eiecrx: lie ^tensing certificate 

2 is encrypted by the licensing and pt. cazl ng server portion a:.d decrypted when the 

3 downloaded selected electronic ^jtL ;ssci. 

1 4. The system of Ja^.; 5 wherein vhc licr.u;,^.g ijid purchasing 

2 server portion includes separate lv-gc modules for generating licenses and for 
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3 receiving requests from the client portion, wherein the license generating code module 

4 is replaced to incorporate a new licensing model. 

1 5. The system of claim 4 wherein the new licensing model includes 

2 a new encryption technique. 

1 6. The system of elair^ 1 wherein the licensing and purchasing 

2 server portion includes' separate coce tnod»;]e£ fox generating licenses and for payment 

3 processing, wherein the payment prr^ssi^g code module is replaced to incorporate a 

4 new payment processing module. 

1 7. The system of claim 1 wherein the online purchasing code allows 



2 selecting merchandise that is not to be transmitted online and wherein the licensing 

3 and purchasing server portion diffeienti-tes bstween sdected electronic data to be 

4 downloaded and selected merchaac^c taai noc io bo \rs>.?aii : :ted online imd 

5 transmits an order :sc physical ship.:., of ^elecle;! n>3ic/.at "Use that is not be 

6 transmitted online. 



1 S. "he system of ?!aim I wherein a plurality of electronic data 

2 selections can be licensed in recpome to .a --ingle licensing requssJ: vrttt to the licensing 

3 and purchasing serve;* portion. 

1 9. The system of ^\r> ! wheiein the coirpouej);^ downloaded from 

2 the supplier' server computer system are downloaded in a background task. 

1 10. A method in a eor;.p ter system fov f&cur.aling iigilai commerce 

2 over a network, the n-athod cornprLii-g: 

3 selecting an kern of eleotvov \>< data; 

4 indicating a purchasing opd* - \ for the selected itcn 
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5 receiving and storing & .^luraHty of components tha* -*re associated with 

6 the selected item, the components including a content file that contains content for the 

7 selected item, the content file not able to be processed until the selected item is 

8 licensed in accordance with the purchasing option; and 

9 initiating processing of the content file, such that licensing code is 

10 executed before the content is processed. » 7 »e licensing code causing the selected item 

11 to be licensed in accordance with th<? putci-asing option so that the content file can be 

12 processed. 

1 11. The method of claim i 0 wherein the selected item is licensed by a 

2 licensing and purchasing server. 

1 12. The method of rf Am ' \ furiher comprising. 

2 receiving aa electronic lu*c;.if. certificate that i.rd->zi f £*s that the selected 

3 item is licensed; and 

4 continuing processing of the content file. 

1 13. The method of ciii.ro U wherein a portion of the received content 

2 file is encrypted, and wherein the eoTtiruing processing of the convent file after 

3 receiving the electronic license eerdfoauj ; .uuei* vhe encrypted portion to be decrypted 

4 such that the content file can be prco^ ^ J 

1 14. The method of .xal;n : 0 Vv herein a portion of the received content 

2 file is encrypted and further comprising: 

3 determining that the s^.,c;.ec item has been licensed in accordance with 

4 the purchasin g option; and 

5 * decrypting the enciyp;ed J ^rion so thai LLf content file can be 

6 processed. 
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1 15. The method of claim 10 wherein one of the received components 

2 is a user interface library that is used to indicate the purchasing option for the selected 

3 item. 

1 16. The method of claim * 0 wherein the purchasing options include a 

2 trial use of the selected item. 

1 17. Trie method of cbSm 10 "wherein the pu/chasirig options include 

2 trial use. purchase, arid rental of the selected item. 

1 18. The method of claim ' 0 wherein the receiving and storing of the 

2 components is interrupted and further ion. xkbg resurmag receiving and storing the 

3 components without agair: receiving any components already successfully received 

4 and stored. 

1 19. A method in jiT'ipute:* system for facilitating electronic 

2 commerce over a network, the method comprising: 

3 receiving a request firm a rurchasing application fx a license for an 

4 indicated item, the requeii indicalL^ i pm hasiug option; 

5 generating an electimic certificate h -.;ordai:ce with the 

6 purchasing option, the electronic license certificate indicating the parameters of the 

7 license; and 

8 lending the generated elcouoaic license cenifica.e to the purchasing 

9 application. 

1 20. The method ck..;; 9 whsrein the generated electronic license 

2 certificate is enciypted. 
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1 21. The method of claim 19 wherein the generating of the electronic 

2 license certificate is performed by a separate code module. 

1 22. The method of claim !9 wherein the generating of the electronic 

2 license certificate is performed using a d a repository having taWes that define the 

3 license parameters to be used for the indicated item in accordance with the indicated 

4 purchasing option. 

1 23. The method :~ tVm 19, farther comprising requesting 

2 authorization from a payment processing system when the indicated purchasing option 

3 is a purchase. 

1 ?A. A method hi a : ot.'/Ci 1 . id computer sysltKi for ^riotming digital 

2 commerce, the method comprising; 

3 under control of a virtual t^oie, 

4 selecting an iter : ;>f *> Tronic data to be I'ceirod; 

5 indicating a purchasi ug option fcr selected : Azrn; 

6 sending a reque? to download a plurality of components, at least 

7 a portion of the plurality of compo:* -nts ' ■ /ing used to operate ;he selected item, the 

8 components including a content convene:. ; and ^ licensing cciupc^eiri;, 

9 vpon completion cf downloading the plurality of components, 

10 invoking the downloaded licensing womp Merit to generate a license in accordance 

1 1 with the indicated purchasing option , .c.C 

12 cpon receiving l ^:neratcd license, processing the content 

13 component so that the selected item ii operable, 

14 under e<: ntrol of a sup- r ^ ver system, 

15 receiving the u H u.^ k ,0 download the -pl.uaiii, of components; 

16 and 

17 sending the teques^:'. .,oznponents to the virtual store; 
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18 under control of the licensing component. 

19 sending a request to a licensing and purchasing server to generate 

20 the license; and 

21 under control of the licensing and purchasing server, 

22 receiving the request tc generate the license; 

23 generating the lice*:e in accordance wHh the indicated 

24 purchasing options; and 

25 sending the generatf::! demise to the virtual store, 

1 25. The method of claim 24 wherein communications with the 

2 licensing and purchasing server arc iurv ^merited using h public key/private key 

3 cryptographic algorithm. 

1 26. The method of '"air- 24 wherein a portion of the downloaded 



2 content component L encrypted, vs,d ':„/!hcr comprising decrypting the encrypted 

3 portion only after receiving the gcr.erat.vJ license so that lh« f leeted item is not 

4 operable until the license has beer* ys: crated in accordance v:itl\ the indicated 

5 purchasing option. 



1 27. The method of dab' ■ 4 wherein the indicate r 1 . purchasing option 

2 is chosen from uc leaa iie zzz of tria: ; v.: purchase. 

1 23. The method o ' S>^:\. f: 4- wherein the sjaipjr^*^ are downloaded 

2 as a background task. 
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